Posted to dev@ranger.apache.org by "Wenkang-xu (via GitHub)" <gi...@apache.org> on 2023/04/10 03:13:50 UTC

[GitHub] [ranger] Wenkang-xu commented on pull request #243: fix: mismatch the value of access_type and action

Wenkang-xu commented on PR #243:
URL: https://github.com/apache/ranger/pull/243#issuecomment-1501338966

   ![image](https://user-images.githubusercontent.com/104415572/230815236-9357739f-d070-4971-b234-c0c7be60a896.png)
   ![image](https://user-images.githubusercontent.com/104415572/230815241-5bdb5603-c1f9-4065-948a-ba5e02e3aaf8.png)
   Look at the pictures above: the first picture shows some Hive audit logs, and the second picture shows some PrestoDB audit logs.
   
   ### Explain the problem
   We know that Permission on the web page is the Operation Type [[this.setAction(hiveOpTypeName);](https://github.com/apache/ranger/blob/b9d24af9f93053b70a5c692be13aa212b3e0fb26/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java)], which doesn't contain "select" ([see this](https://github.com/apache/hive/blob/master/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java)). For example, HiveAccessType.SELECT can reference many Operation Types, like QUERY, SHOWPARTITIONS, etc. You can find this in [this code](https://github.com/apache/ranger/blob/7901d88e2aeac1d515581a0e987e7d4318da78b1/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java).
   Therefore we can clearly judge that the values of Access Type and Action are mismatched.
   
   ### Test my code
   After I changed the code as in my submission and repackaged it, the web page shows audit logs as I expected.
   ![image](https://user-images.githubusercontent.com/104415572/230817665-022764cf-3fff-435d-bad8-5b868ff34136.png)
   
   ![image](https://user-images.githubusercontent.com/104415572/230817675-96b31eae-df4d-44b9-a095-26a2503a4616.png)
   
   
   

