[ 
https://issues.apache.org/jira/browse/HAWQ-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lili Ma reassigned HAWQ-1332:
-----------------------------

    Assignee: Alexander Denissov  (was: Ed Espino)

> Can not grant database and schema privileges without table privileges in 
> ranger or ranger plugin service
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HAWQ-1332
>                 URL: https://issues.apache.org/jira/browse/HAWQ-1332
>             Project: Apache HAWQ
>          Issue Type: Bug
>          Components: Security
>            Reporter: Chunling Wang
>            Assignee: Alexander Denissov
>         Attachments: screenshot-1.png, screenshot-2.png, screenshot-3.png
>
>
> We try to grant database connect and schema usage privileges to a non-super 
> user to connect database. We find that if we set policy with database and 
> schema included, but with table excluded, we can not connect database. But if 
> we include table, we can connect to database. We think there may be bug in 
> Ranger Plugin Service or Ranger. Here are steps to reproduce it.
> 1. create a new user "usertest1" in database:
> {code}
> $ psql postgres
> psql (8.2.15)
> Type "help" for help.
> postgres=# CREATE USER usertest1;
> NOTICE:  resource queue required -- using default resource queue "pg_default"
> CREATE ROLE
> postgres=#
> {code}
> 2. add user "usertest1" in pg_hba.conf
> {code}
> local all     usertest1             trust
> {code}
> 3. set policy with database and schema included, with table excluded
> !screenshot-1.png|width=800,height=400!
> 4. connect database with user "usertest1" but failed with permission denied
> {code}
> $ psql postgres -U usertest1
> psql: FATAL:  permission denied for database "postgres"
> DETAIL:  User does not have CONNECT privilege.
> {code}
> 5. set policy with database, schema and table included
> !screenshot-2.png|width=800,height=400!
> 6. connect database with user "usertest1" and succeed
> {code}
> $ psql postgres -U usertest1
> psql (8.2.15)
> Type "help" for help.
> postgres=#
> {code}
> But if we do not set table as "*", and specify table like "a", we can not 
> access database either.
> !screenshot-3.png|width=800,height=400!



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to