ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ramesh Mani <rm...@hortonworks.com>
Subject Re: Review Request 66324: RANGER-2045: Hive table columns with no explicit allow policy are listed with 'desc table' command
Date Wed, 28 Mar 2018 01:47:07 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66324/#review200083
-----------------------------------------------------------


Ship it!




Ship It!

- Ramesh Mani


On March 28, 2018, 1:12 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66324/
> -----------------------------------------------------------
> 
> (Updated March 28, 2018, 1:12 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-2045
>     https://issues.apache.org/jira/browse/RANGER-2045
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Test scenario
> 'xasecure.hive.describetable.showcolumns.authorization.option' set to 'none'
> Database 'testdb' has a table 'testtable1' with 3 columns 'name', 'age', 'city'.
> Hive Policy exists giving user 'hrt_1' 'select' privilege on DB='testdb', table='testtable1'
and columns='name', 'age' [user does not have permissions on 'city' column].
> 
> "DESCRIBE testdb.testtable1" and "show columns in testdb.testtable1" commands show results
with 'city' column included.
> 
> When 'xasecure.hive.describetable.showcolumns.authorization.option' is set to 'none',
Hive would follow default behavior and should deny DESCRIBE table and show column commands
as the policy does not grant the test user access to all columns of the table. But the commands
go through fine.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
55938b128 
> 
> 
> Diff: https://reviews.apache.org/r/66324/diff/1/
> 
> 
> Testing
> -------
> 
> Tested with local VM
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message