You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2020/11/16 05:06:57 UTC

[ranger] 01/03: RANGER-3035: plugin-presto: M-M user can not access presto with right permission

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit ce4de4e7e34f95f6a6df02bc1e9873fd1d423101
Author: rujia1019 <82...@163.com>
AuthorDate: Mon Oct 12 20:06:35 2020 +0800

    RANGER-3035: plugin-presto: M-M user can not access presto with right permission
    
    Signed-off-by: pradeep <pr...@apache.org>
---
 .../authorization/presto/authorizer/RangerSystemAccessControl.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java b/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
index f4fc89d..5794a82 100644
--- a/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
+++ b/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
@@ -642,23 +642,26 @@ public class RangerSystemAccessControl
   /** HELPER FUNCTIONS **/
 
   private RangerPrestoAccessRequest createAccessRequest(RangerPrestoResource resource, SystemSecurityContext context, PrestoAccessType accessType) {
-    Set<String> userGroups = null;
+	String userName = null;
+	Set<String> userGroups = null;
 
     if (useUgi) {
       UserGroupInformation ugi = UserGroupInformation.createRemoteUser(context.getIdentity().getUser());
 
+      userName = ugi.getShortUserName();
       String[] groups = ugi != null ? ugi.getGroupNames() : null;
 
       if (groups != null && groups.length > 0) {
         userGroups = new HashSet<>(Arrays.asList(groups));
       }
     } else {
+      userName = context.getIdentity().getUser();
       userGroups = context.getIdentity().getGroups();
     }
 
     RangerPrestoAccessRequest request = new RangerPrestoAccessRequest(
       resource,
-      context.getIdentity().getUser(),
+      userName,
       userGroups,
       accessType
     );