[kudu-CR] [ranger] fix incorrect authz enforcement in Ranger authz provider

Andrew Wong (Code Review) Thu, 19 Mar 2020 15:17:25 -0700

Andrew Wong has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/15436 )


Change subject: [ranger] fix incorrect authz enforcement in Ranger authz 
provider
......................................................................


Patch Set 5:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/15436/1/src/kudu/ranger/ranger_client.h
File src/kudu/ranger/ranger_client.h:

http://gerrit.cloudera.org:8080/#/c/15436/1/src/kudu/ranger/ranger_client.h@57
PS1, Line 57:   enum Scope {
> The reason why we are seeing this 'inconsistency' is because we do require
Yeah, I agree we should follow suit with what Hive and Impala users are used 
to. It sounds like they are used to the hierarchical implication that Sentry 
had.

In Hive/Impala, if a user has select on db=a, do they also have select on 
db=a->table=b->col=c?



--
To view, visit http://gerrit.cloudera.org:8080/15436
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I267aabc5f224ee7ceeffd6187785595dd6f16487
Gerrit-Change-Number: 15436
Gerrit-PatchSet: 5
Gerrit-Owner: Hao Hao <hao....@cloudera.com>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <abu...@apache.org>
Gerrit-Reviewer: Hao Hao <hao....@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Thu, 19 Mar 2020 22:17:02 +0000
Gerrit-HasComments: Yes

[kudu-CR] [ranger] fix incorrect authz enforcement in Ranger authz provider

Reply via email to