hawq-dev mailing list archives

From Hubert Zhang <hzh...@pivotal.io>
Subject Re: Ranger Discussion: Scope for HAWQ Ranger Integration
Date Wed, 25 Jan 2017 09:12:40 GMT
  Besides non-heap tables, we also need to forbid the grant/revoke command for
built-in schemas and functions once Ranger is configured.

On Wed, Jan 25, 2017 at 5:04 PM, Lili Ma <lilima@apache.org> wrote:

> Sorry there is something wrong with the format. Here is the revised
> version.
>
> Hi All,
>
>
> We propose the following Scope for the first release of HAWQ Ranger
> integration. Please comment and provide feedback. Thanks a lot!
>
>
> In Scope
>
>    - Basic object checks, including the non-heap table check, are kept on
>    the Ranger side. The objects include (refer to the detailed explanation
>    of the GRANT command in the HAWQ document
>    http://hdb.docs.pivotal.io/211/hawq/reference/sql/GRANT.html):
>       - Database: Create Schema (short as Create), Connect to database
>       (short as Connect), and Create Temp Table (short as Temp).
>       - Tablespace: Create table and database under this tablespace (short
>       as Create)
>       - Schema: create table or select from table under this schema (short
>       as Usage), create table under this schema (short as Create)
>       - Table: Select from this table (short as Select), Insert into this
>       table (short as Insert)
>       - Sequence: running select from this sequence (short as Select),
>       update the value for this sequence (short as Update)
>       - Function: Execution of this function (short as Execute)
>       - Language: Usage of this language (short as Usage)
>       - Protocol: Select data through this protocol (short as Select),
>       Insert data through this protocol (short as Insert)
>    - Superuser checks for HDFS data are kept on the Ranger side, the same as
>    1), while the checks below are kept on the HAWQ side. Below are the
>    behaviors that are strictly restricted to the superuser.
>       - create cast: when the function is NULL
>       - create filespace
>       - create/remove/alter foreign-data wrapper
>       - create function: For an untrusted language, only a superuser can
>       create a function.
>       - create/drop procedural language
>       - create/drop/alter resource queue
>       - create tablespace: This means the privilege to create a tablespace,
>       which only a superuser can do. But the CREATE privilege on a tablespace
>       means creating database/table/index... in the tablespace, which is
>       managed by Ranger.
>       - create external table: Only a superuser can create an EXECUTE
>       external web table or create an external table with a file protocol
>       (but in HAWQ 2.0, the file protocol is not supported any more).
>       - create operator class
>       - copy: Only a superuser can copy to or from a file. When Ranger is
>       configured, the superuser cannot run COPY TO or COPY FROM when he
>       doesn't have the select or insert privilege for that table.
>       - alter state of system triggers
>       - some built-in functions, including
>          - pg_logdir_ls
>          - pg_ls_dir
>          - pg_read_file
>          - pg_reload_conf
>          - pg_rotate_logfile
>          - pg_signal_backend
>          - pg_start_backup
>          - pg_stat_file
>          - pg_stat_get_activity
>          - pg_stat_get_backend_activity_start
>          - pg_stat_get_backend_activity
>          - pg_stat_get_backend_client_addr
>          - pg_stat_get_backend_client_port
>          - pg_stat_get_backend_start
>          - pg_stat_get_backend_waiting
>          - pg_stop_backup
>          - pg_switch_xlog
>          - pg_stat_reset
>    - Catalog table/system embedded function/owner check kept on the HAWQ
>    side
>    - Forbid the grant/revoke command for non-heap tables in HAWQ once Ranger
>    is configured
>    - Documents telling people that if they first enable Ranger and then
>    don't want to use it, they need to manually recreate all the Ranger
>    policies on the HAWQ side
>    - Documents on how to enable Ranger in Ambari: first set Ranger off, init
>    the HAWQ master, then set Ranger on, and then restart the HAWQ cluster.
>
> Out of Scope for the first Release
>
>    - Ambari modification: We just use Ambari's customized GUC for the first
>    release instead of adding a new GUC, so there is no change on the Ambari
>    side
>    - Kerberos/SSL connection from HAWQ to RPS and from RPS to Ranger
>    - HA: There are two levels of HA: Ranger Server HA and RPS HA. For
>    Ranger Server HA, RPS needs to be designed to be tolerant of this; for
>    RPS HA, the HAWQ master and standby master should be able to connect to
>    another RPS if one is down.
>    - Catalog table/system embedded function/owner check in Ranger
>    - Allowing both the Grant/Revoke command and Ranger-side ACL control for
>    the same objects, such as non-heap tables
>    - Tool for converting all privileges defined in Ranger to HAWQ
>    grant/revoke commands
>    - Tool for syncing HAWQ user information from LDAP
>    - Ranger check for drop table/create database
>
> Best Regards,
> Lili



-- 
Thanks

Hubert Zhang
