Goden, yes that is right, you can put "*" for table and column
From: Goden Yao <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Thursday, May 4, 2017 at 2:21 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: GRANT ALL ON DATABASE ... Thanks Ramesh - in Ranger UI, I see table is always required when creating a policy - is that the case? so you are saying I can put "*" in table input field? On Thu, May 4, 2017 at 1:40 PM Ramesh Mani <[email protected]<mailto:[email protected]>> wrote: Goden, GRANT ALL/READ ON DATABASE XYZ you can maintain a policy for database "*" , but with respect to ROLE XXX can this ROLE be a "group" in LDAP/AP or unix? Then you can maintain this policy for GROUP XXX. Thanks, Ramesh From: Goden Yao <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Thursday, May 4, 2017 at 1:34 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: GRANT ALL ON DATABASE ... Hi Anyone may want to comment ? I found out this is actually supported in Hive Default Authorization (legacy) mode but probably not in SQL Standard Authorization, why is that? On Tue, May 2, 2017 at 10:20 AM Goden Yao <[email protected]<mailto:[email protected]>> wrote: Hi I wonder if Ranger policy can support something like "GRANT ALL/READ ON DATABASE XYZ to ROLE XXX"? Or I have to specify each table iteratively in a database? Thanks -Goden -- Goden -- Goden -- Goden
