You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "star (Jira)" <ji...@apache.org> on 2019/12/06 03:02:00 UTC
[jira] [Comment Edited] (RANGER-2664) filterListCmdObjects does not
work in sql 'show databases'
[ https://issues.apache.org/jira/browse/RANGER-2664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16989352#comment-16989352 ]
star edited comment on RANGER-2664 at 12/6/19 3:01 AM:
-------------------------------------------------------
It only exists in ranger 1.2. ranger 2.x has fixed this bug by setting empty resource while ranger 1.2 is database="*". Difference is as following codes.
{code:java}
// ranger 1.2
public RangerHiveResource(HiveObjectType objectType, String databaseorUrl, String tableOrUdf, String column) {
this.objectType = objectType;
switch(objectType) {
case DATABASE:
//databaseorUrl is null when show databases
if (databaseorUrl == null) {
databaseorUrl = "*";
}
setValue(KEY_DATABASE, databaseorUrl);
break;
}
}
{code}
{code:java}
// ranger 2.x
public RangerHiveResource(HiveObjectType objectType, String firstLevelResource, String secondLevelResource, String thirdLevelResource) {
this.objectType = objectType;
switch(objectType) {
case DATABASE:
//firstLevelResource is null when show databases
setValue(KEY_DATABASE, firstLevelResource);
break;
...
}
}{code}
As empty resource, I think following code is redundant.
{code:java}
// RangerHiveAuthorizer#checkPrivileges
if (hiveOpType == HiveOperationType.SHOWDATABASES) {
RangerHiveResource resource = new RangerHiveResource(HiveObjectType.DATABASE, null);
RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, hiveOpType.name(), HiveAccessType.USE, context, sessionContext);
requests.add(request);
}
{code}
was (Author: starphin):
It only exists in ranger 1.2. ranger 2.x has fixed this bug by setting empty resource while ranger 1.2 is database="*". Difference is as following codes.
{code:java}
// ranger 1.2
public RangerHiveResource(HiveObjectType objectType, String databaseorUrl, String tableOrUdf, String column) {
this.objectType = objectType;
switch(objectType) {
case DATABASE:
//databaseorUrl is null when show databases
if (databaseorUrl == null) {
databaseorUrl = "*";
}
setValue(KEY_DATABASE, databaseorUrl);
break;
}
}
{code}
{code:java}
// ranger 2.x
public RangerHiveResource(HiveObjectType objectType, String firstLevelResource, String secondLevelResource, String thirdLevelResource) {
this.objectType = objectType;
switch(objectType) {
case DATABASE:
//firstLevelResource is null when show databases
setValue(KEY_DATABASE, firstLevelResource);
break;
...
}
}
{code}
> filterListCmdObjects does not work in sql 'show databases'
> ----------------------------------------------------------
>
> Key: RANGER-2664
> URL: https://issues.apache.org/jira/browse/RANGER-2664
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: star
> Priority: Major
> Attachments: ranger-2664.patch
>
>
> In hive plugin, when execute sql 'show databases',
> privilege HiveAccessType.USE is required on database '*'. If it is authorized USE privilege, all database will be showed. If not, the sql will be stuck when checking privilege.
> To solve the problem, just let the sql 'show databases' pass through when METASTORE_FILTER_HOOK is set as AuthorizationMetaStoreFilterHook. Privilege HiveAccessType.USE is not required on database '*'.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)