From issues-return-159866-archive-asf-public=cust-asf.ponee.io@hive.apache.org Tue Jun 11 01:24:02 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 327C2180649 for ; Tue, 11 Jun 2019 03:24:02 +0200 (CEST) Received: (qmail 86878 invoked by uid 500); 11 Jun 2019 01:24:01 -0000 Mailing-List: contact issues-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list issues@hive.apache.org Received: (qmail 86869 invoked by uid 99); 11 Jun 2019 01:24:01 -0000 Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Jun 2019 01:24:01 +0000 Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id E5DFFE2AEF for ; Tue, 11 Jun 2019 01:24:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 735452462F for ; Tue, 11 Jun 2019 01:24:00 +0000 (UTC) Date: Tue, 11 Jun 2019 01:24:00 +0000 (UTC) From: "Sam An (JIRA)" To: issues@hive.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HIVE-21833) Ranger Authorization in Hive based on object ownership MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HIVE-21833?page=3Dcom.atlassia= n.jira.plugin.system.issuetabpanels:all-tabpanel ] Sam An updated HIVE-21833: -------------------------- Status: Open (was: Patch Available) > Ranger Authorization in Hive based on object ownership > ------------------------------------------------------ > > Key: HIVE-21833 > URL: https://issues.apache.org/jira/browse/HIVE-21833 > Project: Hive > Issue Type: New Feature > Components: HiveServer2 > Reporter: Sam An > Assignee: Sam An > Priority: Major > Attachments: HIVE-21833.1.patch, HIVE-21833.2.patch, HIVE-21833.3= .patch, HIVE-21833.4.patch, HIVE-21833.5.patch, HIVE-21833.6.patch > > > Background: Currently Hive Authorizer for Ranger does not provide owner i= nformation for Hive objects as part of AuthZ calls. This has resulted in ga= ps with respect to Sentry AuthZ and customers/partners cannot leverage priv= ileges for owners in their authorization model. > =C2=A0 > User Story: As an enterprise security admin, I need to be able to set pri= vileges based on Hive object ownership for setting up access controls in Ra= nger so that I can provide appropriate protections and permissions for my e= nterprise users. > =C2=A0 > Acceptance criteria: > 1) Owner information is available in Hive -Ranger AuthZ calls=C2=A0 > 2) Ranger admin users can use owner information to set policies based on = object ownership in Ranger UI and APIs > 3) OWNER Macro based policies continue to work for Hive objects -- This message was sent by Atlassian JIRA (v7.6.3#76005)