You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2018/03/28 01:12:36 UTC

Review Request 66324: RANGER-2045: Hive table columns with no explicit allow policy are listed with 'desc table' command

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66324/
-----------------------------------------------------------

Review request for ranger, Madhan Neethiraj and Ramesh Mani.


Bugs: RANGER-2045
    https://issues.apache.org/jira/browse/RANGER-2045


Repository: ranger


Description
-------

Test scenario
'xasecure.hive.describetable.showcolumns.authorization.option' set to 'none'
Database 'testdb' has a table 'testtable1' with 3 columns 'name', 'age', 'city'.
Hive Policy exists giving user 'hrt_1' 'select' privilege on DB='testdb', table='testtable1' and columns='name', 'age' [user does not have permissions on 'city' column].

"DESCRIBE testdb.testtable1" and "show columns in testdb.testtable1" commands show results with 'city' column included.

When 'xasecure.hive.describetable.showcolumns.authorization.option' is set to 'none', Hive would follow default behavior and should deny DESCRIBE table and show column commands as the policy does not grant the test user access to all columns of the table. But the commands go through fine.


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 55938b128 


Diff: https://reviews.apache.org/r/66324/diff/1/


Testing
-------

Tested with local VM


Thanks,

Abhay Kulkarni

Re: Review Request 66324: RANGER-2045: Hive table columns with no explicit allow policy are listed with 'desc table' command

Posted by Qiang Zhang <zh...@zte.com.cn>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66324/#review200082
-----------------------------------------------------------


Ship it!




Ship It!

- Qiang Zhang


On March 28, 2018, 1:12 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66324/
> -----------------------------------------------------------
> 
> (Updated March 28, 2018, 1:12 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-2045
>     https://issues.apache.org/jira/browse/RANGER-2045
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Test scenario
> 'xasecure.hive.describetable.showcolumns.authorization.option' set to 'none'
> Database 'testdb' has a table 'testtable1' with 3 columns 'name', 'age', 'city'.
> Hive Policy exists giving user 'hrt_1' 'select' privilege on DB='testdb', table='testtable1' and columns='name', 'age' [user does not have permissions on 'city' column].
> 
> "DESCRIBE testdb.testtable1" and "show columns in testdb.testtable1" commands show results with 'city' column included.
> 
> When 'xasecure.hive.describetable.showcolumns.authorization.option' is set to 'none', Hive would follow default behavior and should deny DESCRIBE table and show column commands as the policy does not grant the test user access to all columns of the table. But the commands go through fine.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 55938b128 
> 
> 
> Diff: https://reviews.apache.org/r/66324/diff/1/
> 
> 
> Testing
> -------
> 
> Tested with local VM
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 66324: RANGER-2045: Hive table columns with no explicit allow policy are listed with 'desc table' command

Posted by Ramesh Mani <rm...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66324/#review200083
-----------------------------------------------------------


Ship it!




Ship It!

- Ramesh Mani


On March 28, 2018, 1:12 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66324/
> -----------------------------------------------------------
> 
> (Updated March 28, 2018, 1:12 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-2045
>     https://issues.apache.org/jira/browse/RANGER-2045
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Test scenario
> 'xasecure.hive.describetable.showcolumns.authorization.option' set to 'none'
> Database 'testdb' has a table 'testtable1' with 3 columns 'name', 'age', 'city'.
> Hive Policy exists giving user 'hrt_1' 'select' privilege on DB='testdb', table='testtable1' and columns='name', 'age' [user does not have permissions on 'city' column].
> 
> "DESCRIBE testdb.testtable1" and "show columns in testdb.testtable1" commands show results with 'city' column included.
> 
> When 'xasecure.hive.describetable.showcolumns.authorization.option' is set to 'none', Hive would follow default behavior and should deny DESCRIBE table and show column commands as the policy does not grant the test user access to all columns of the table. But the commands go through fine.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 55938b128 
> 
> 
> Diff: https://reviews.apache.org/r/66324/diff/1/
> 
> 
> Testing
> -------
> 
> Tested with local VM
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>