What's behind the stage for ranger to configure this - does it internally go through every table ? just want to understand the implementation details.
On Thu, May 4, 2017 at 2:30 PM Ramesh Mani <[email protected]> wrote: > Goden, yes that is right, you can put “*” for table and column > > > From: Goden Yao <[email protected]> > Reply-To: "[email protected]" <[email protected]> > Date: Thursday, May 4, 2017 at 2:21 PM > > To: "[email protected]" <[email protected]> > Subject: Re: GRANT ALL ON DATABASE ... > > Thanks Ramesh - in Ranger UI, I see table is always required when creating > a policy - is that the case? so you are saying I can put "*" in table input > field? > > On Thu, May 4, 2017 at 1:40 PM Ramesh Mani <[email protected]> wrote: > >> Goden, >> >> GRANT ALL/READ ON DATABASE XYZ you can maintain a policy for database “*” >> , but with respect to ROLE XXX can this ROLE be a “group” in LDAP/AP or >> unix? Then you can maintain this policy for GROUP XXX. >> >> Thanks, >> Ramesh >> >> From: Goden Yao <[email protected]> >> Reply-To: "[email protected]" <[email protected]> >> Date: Thursday, May 4, 2017 at 1:34 PM >> To: "[email protected]" <[email protected]> >> Subject: Re: GRANT ALL ON DATABASE ... >> >> Hi Anyone may want to comment ? I found out this is actually supported in >> Hive Default Authorization (legacy) mode but probably not in SQL Standard >> Authorization, why is that? >> >> On Tue, May 2, 2017 at 10:20 AM Goden Yao <[email protected]> wrote: >> >>> Hi >>> >>> I wonder if Ranger policy can support something like "GRANT ALL/READ ON >>> DATABASE XYZ to ROLE XXX"? >>> >>> Or I have to specify each table iteratively in a database? >>> >>> Thanks >>> -Goden >>> -- >>> Goden >>> >> -- >> Goden >> > -- > Goden > -- Goden
