Adar Dembo has posted comments on this change. ( http://gerrit.cloudera.org:8080/15436 )
Change subject: [ranger] fix incorrect authz enforcement in Ranger authz provider ...................................................................... Patch Set 8: (1 comment) http://gerrit.cloudera.org:8080/#/c/15436/1/src/kudu/ranger/ranger_client.h File src/kudu/ranger/ranger_client.h: http://gerrit.cloudera.org:8080/#/c/15436/1/src/kudu/ranger/ranger_client.h@57 PS1, Line 57: DATABASE, > My point isn't to mimic Sentry with Ranger. It's to better understand what Andrew and I talked about this and other Ranger policy stuff pretty extensively today, as I had a bunch of questions about implication rules and wildcards. Hao, as part of your exploration here, could you take a stab at documenting (or at least summarizing) the Kudu Ranger policy somewhere in Kudu itself? Either as a standalone doc, or as a series of comments in ranger_authz_provider.h, or something else. I for one didn't fully understand the relationship between Sentry implication and Ranger wildcard vs. non-wildcard privileges, and seeing it written down would be super helpful. -- To view, visit http://gerrit.cloudera.org:8080/15436 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I267aabc5f224ee7ceeffd6187785595dd6f16487 Gerrit-Change-Number: 15436 Gerrit-PatchSet: 8 Gerrit-Owner: Hao Hao <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Comment-Date: Fri, 20 Mar 2020 22:26:19 +0000 Gerrit-HasComments: Yes
