Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/15436 )
Change subject: [ranger] fix incorrect authz enforcement in Ranger authz provider ...................................................................... Patch Set 5: (2 comments) http://gerrit.cloudera.org:8080/#/c/15436/1/src/kudu/ranger/ranger_client.h File src/kudu/ranger/ranger_client.h: http://gerrit.cloudera.org:8080/#/c/15436/1/src/kudu/ranger/ranger_client.h@57 PS1, Line 57: enum Scope { > Hmm, I don't see there is a hierarchical implication that Sentry had in Ran I agree with having consistent behavior w.r.t. policy evaluation. Probably worth reaching out to an Impala person familiar with authz to ask what implications there are and what aren't, rather than relying on manual tests to discover and infer their behavior. http://gerrit.cloudera.org:8080/#/c/15436/5/src/kudu/ranger/ranger_client.cc File src/kudu/ranger/ranger_client.cc: http://gerrit.cloudera.org:8080/#/c/15436/5/src/kudu/ranger/ranger_client.cc@262 PS5, Line 262: if (scope == Scope::TABLE) { What about COLUMN? To Attila's point, it probably doesn't make much sense to have COLUMN if we never use it, especially if the code doesn't currently reflect the correct behavior if we were to use it. -- To view, visit http://gerrit.cloudera.org:8080/15436 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I267aabc5f224ee7ceeffd6187785595dd6f16487 Gerrit-Change-Number: 15436 Gerrit-PatchSet: 5 Gerrit-Owner: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Attila Bukor <abu...@apache.org> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Thu, 19 Mar 2020 22:54:32 +0000 Gerrit-HasComments: Yes