ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [5/6] incubator-ranger git commit: RANGER-530: Access-type 'all' should imply rest of the permissions in Hive
Date Fri, 05 Jun 2015 02:40:31 GMT
RANGER-530: Access-type 'all' should imply rest of the permissions in Hive


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/016f0f6f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/016f0f6f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/016f0f6f

Branch: refs/heads/tag-policy
Commit: 016f0f6fd4132a4843f69354b6a4d413ff9c289e
Parents: 89c524d
Author: Madhan Neethiraj <madhan@apache.org>
Authored: Thu Jun 4 17:35:54 2015 -0700
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Thu Jun 4 17:36:03 2015 -0700

----------------------------------------------------------------------
 .../resources/service-defs/ranger-servicedef-hive.json  | 12 +++++++++++-
 .../hive/authorizer/RangerHiveAuthorizer.java           |  3 +++
 2 files changed, 14 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/016f0f6f/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
index b01a1d8..2c48298 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -131,7 +131,17 @@
 		{
 			"itemId": 8,
 			"name": "all",
-			"label": "All"
+			"label": "All",
+			"impliedGrants":
+			[
+				"select",
+				"update",
+				"create",
+				"drop",
+				"alter",
+				"index",
+				"lock"
+			]
 		}
 	],
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/016f0f6f/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index ad73682..1df1af4 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -312,6 +312,9 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 		            	List<RangerAccessRequest> colRequests = new ArrayList<RangerAccessRequest>();
 	
 		            	String[] columns = StringUtils.split(resource.getColumn(), COLUMN_SEP);
+
+		            	// in case of multiple columns, original request is not sent to the plugin;
hence service-def will not be set
+		            	resource.setServiceDef(hivePlugin.getServiceDef());
 	
 		            	for(String column : columns) {
 	                        if (column != null) {


Mime
View raw message