ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Don Bosco Durai <bo...@apache.org>
Subject Re: Ranger not executing policies...
Date Tue, 10 Jul 2018 04:24:17 GMT
I think I know the issue. My plugin code is the latest 1.x, while the Ranger Admin is 0.7.
So even though the server is sending the correct data, the 1.x plugin code is not able to
convert it to proper object (ServicePolicies).

Let me try after downgrading my plugin version.


On 7/9/18, 4:52 PM, "Don Bosco Durai" <bosco@apache.org> wrote:

    Hi Abhay
    Thanks for looking into it so quickly.
    Good catch on the issue. I have given public access to *,*,*. However, when the policies
are pulled from Spark, the resources are not coming properly. I think, none of the resources
are coming. I might have to dig deeper to see the root cause.
    I have attached 2 files. hiveServer2_brown_hive.json is downloaded by HiveServer2 and
hiveCLI_brown_hive.json is downloaded by SparkSQL Thrift Server.
          "resources": {
            "database": {
              "values": [
              "isExcludes": false,
              "isRecursive": false
          "resources": {},
    On 7/9/18, 4:34 PM, "Abhay Kulkarni" <akulkarni@hortonworks.com> wrote:
        It appears from the log (lines 6, 7)  that the Trie search for resource (database=default)
did not find any policies. Per lines 3 and 5, it looks like the name of the policy resource
is set to 'database' instead of 'default'. Could you please check if the policies are correctly
downloaded to the component?
        From: Don Bosco Durai <bosco@apache.org<mailto:bosco@apache.org>>
        Reply-To: "dev@ranger.apache.org<mailto:dev@ranger.apache.org>" <dev@ranger.apache.org<mailto:dev@ranger.apache.org>>
        Date: Monday, July 9, 2018 at 3:51 PM
        To: ranger <dev@ranger.apache.org<mailto:dev@ranger.apache.org>>
        Subject: Ranger not executing policies...
        Hi Abhay
        I have extended the work done by Kent Yao for supporting Ranger with SparkSQL ThriftServer.
I managed to integrate with the Ranger master branch and also the Ranger authorizer code is
called, but I always get denied by Ranger authorizer.
        Earlier in the logs, I can see the policies getting downloaded and also the local
.json file is getting created. However, when the check privileges call is called, it seems
it is not able to get it. I am not sure if custom class loaders are interfering. Is it possible
to dump the policies when the authorization code is called?
        I have attached part of the logs. Let me know if you can guide me in the right direction?

View raw message