You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2020/11/16 05:06:57 UTC
[ranger] 01/03: RANGER-3035: plugin-presto: M-M user can not access
presto with right permission
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit ce4de4e7e34f95f6a6df02bc1e9873fd1d423101
Author: rujia1019 <82...@163.com>
AuthorDate: Mon Oct 12 20:06:35 2020 +0800
RANGER-3035: plugin-presto: M-M user can not access presto with right permission
Signed-off-by: pradeep <pr...@apache.org>
---
.../authorization/presto/authorizer/RangerSystemAccessControl.java | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java b/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
index f4fc89d..5794a82 100644
--- a/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
+++ b/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
@@ -642,23 +642,26 @@ public class RangerSystemAccessControl
/** HELPER FUNCTIONS **/
private RangerPrestoAccessRequest createAccessRequest(RangerPrestoResource resource, SystemSecurityContext context, PrestoAccessType accessType) {
- Set<String> userGroups = null;
+ String userName = null;
+ Set<String> userGroups = null;
if (useUgi) {
UserGroupInformation ugi = UserGroupInformation.createRemoteUser(context.getIdentity().getUser());
+ userName = ugi.getShortUserName();
String[] groups = ugi != null ? ugi.getGroupNames() : null;
if (groups != null && groups.length > 0) {
userGroups = new HashSet<>(Arrays.asList(groups));
}
} else {
+ userName = context.getIdentity().getUser();
userGroups = context.getIdentity().getGroups();
}
RangerPrestoAccessRequest request = new RangerPrestoAccessRequest(
resource,
- context.getIdentity().getUser(),
+ userName,
userGroups,
accessType
);