You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Jiayi Liu <li...@gmail.com> on 2020/01/30 12:45:29 UTC
Review Request 72061: RANGER-2716: Add catalogs/schemas/tables filter
in presto plugin
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72061/
-----------------------------------------------------------
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Zsombor Gegesy.
Bugs: RANGER-2716
https://issues.apache.org/jira/browse/RANGER-2716
Repository: ranger
Description
-------
Presto plugin returns the input set of catalogs/schemas/tables directly at present. However, this causes a problem, that is, when the user uses show catalogs/schemas/tables, all catalogs/schemas/tables are displayed, even though the user does not have the permissions to display all catalogs/schemas/tables.
We need to fix the filterCatalogs/Schemas/Tables functions to filter catalogs/schemas/tables, so that the user can only see the catalogs/schemas/tables in which the user has SELECT permission.
Diffs
-----
plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java 3ab63f590
ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java e89f646e1
Diff: https://reviews.apache.org/r/72061/diff/1/
Testing
-------
show catalogs/schemas/tables only display the catalogs/schemas/tables in which the user has SELECT permission.
Thanks,
Jiayi Liu
Re: Review Request 72061: RANGER-2716: Add catalogs/schemas/tables
filter in presto plugin
Posted by Jiayi Liu <li...@gmail.com>.
> On 四月 10, 2020, 6:38 a.m., Madhan Neethiraj wrote:
> > ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
> > Line 106 (original), 106 (patched)
> > <https://reviews.apache.org/r/72061/diff/1/?file=2210036#file2210036line106>
> >
> > deactivatePluginClassLoader() should be called before the shim method returns - as shown below:
> >
> > try {
> > activatePluginClassLoader();
> >
> > return systemAccessControlImpl.filterCatalogs(identity, catalogs);
> > } finally {
> > deactivatePluginClassLoader();
> > }
> >
> > Please review and update other methods as well (#167,#229).
OK, I will fix this.
- Jiayi
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72061/#review220277
-----------------------------------------------------------
On 四月 23, 2020, 3:23 a.m., Jiayi Liu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72061/
> -----------------------------------------------------------
>
> (Updated 四月 23, 2020, 3:23 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Zsombor Gegesy.
>
>
> Bugs: RANGER-2716
> https://issues.apache.org/jira/browse/RANGER-2716
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Presto plugin returns the input set of catalogs/schemas/tables directly at present. However, this causes a problem, that is, when the user uses show catalogs/schemas/tables, all catalogs/schemas/tables are displayed, even though the user does not have the permissions to display all catalogs/schemas/tables.
>
> We need to fix the filterCatalogs/Schemas/Tables functions to filter catalogs/schemas/tables, so that the user can only see the catalogs/schemas/tables in which the user has SELECT permission.
>
>
> Diffs
> -----
>
> plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java 3ab63f590
> ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java e89f646e1
>
>
> Diff: https://reviews.apache.org/r/72061/diff/2/
>
>
> Testing
> -------
>
> show catalogs/schemas/tables only display the catalogs/schemas/tables in which the user has SELECT permission.
>
>
> Thanks,
>
> Jiayi Liu
>
>
Re: Review Request 72061: RANGER-2716: Add catalogs/schemas/tables
filter in presto plugin
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72061/#review220277
-----------------------------------------------------------
ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
Line 106 (original), 106 (patched)
<https://reviews.apache.org/r/72061/#comment308612>
deactivatePluginClassLoader() should be called before the shim method returns - as shown below:
try {
activatePluginClassLoader();
return systemAccessControlImpl.filterCatalogs(identity, catalogs);
} finally {
deactivatePluginClassLoader();
}
Please review and update other methods as well (#167,#229).
- Madhan Neethiraj
On Jan. 30, 2020, 12:45 p.m., Jiayi Liu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72061/
> -----------------------------------------------------------
>
> (Updated Jan. 30, 2020, 12:45 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Zsombor Gegesy.
>
>
> Bugs: RANGER-2716
> https://issues.apache.org/jira/browse/RANGER-2716
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Presto plugin returns the input set of catalogs/schemas/tables directly at present. However, this causes a problem, that is, when the user uses show catalogs/schemas/tables, all catalogs/schemas/tables are displayed, even though the user does not have the permissions to display all catalogs/schemas/tables.
>
> We need to fix the filterCatalogs/Schemas/Tables functions to filter catalogs/schemas/tables, so that the user can only see the catalogs/schemas/tables in which the user has SELECT permission.
>
>
> Diffs
> -----
>
> plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java 3ab63f590
> ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java e89f646e1
>
>
> Diff: https://reviews.apache.org/r/72061/diff/1/
>
>
> Testing
> -------
>
> show catalogs/schemas/tables only display the catalogs/schemas/tables in which the user has SELECT permission.
>
>
> Thanks,
>
> Jiayi Liu
>
>
Re: Review Request 72061: RANGER-2716: Add catalogs/schemas/tables
filter in presto plugin
Posted by Jiayi Liu <li...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72061/
-----------------------------------------------------------
(Updated 四月 23, 2020, 3:23 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Zsombor Gegesy.
Bugs: RANGER-2716
https://issues.apache.org/jira/browse/RANGER-2716
Repository: ranger
Description
-------
Presto plugin returns the input set of catalogs/schemas/tables directly at present. However, this causes a problem, that is, when the user uses show catalogs/schemas/tables, all catalogs/schemas/tables are displayed, even though the user does not have the permissions to display all catalogs/schemas/tables.
We need to fix the filterCatalogs/Schemas/Tables functions to filter catalogs/schemas/tables, so that the user can only see the catalogs/schemas/tables in which the user has SELECT permission.
Diffs (updated)
-----
plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java 3ab63f590
ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java e89f646e1
Diff: https://reviews.apache.org/r/72061/diff/2/
Changes: https://reviews.apache.org/r/72061/diff/1-2/
Testing
-------
show catalogs/schemas/tables only display the catalogs/schemas/tables in which the user has SELECT permission.
Thanks,
Jiayi Liu
Re: Review Request 72061: RANGER-2716: Add catalogs/schemas/tables
filter in presto plugin
Posted by Jiayi Liu <li...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72061/
-----------------------------------------------------------
(Updated 四月 23, 2020, 3:21 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Zsombor Gegesy.
Bugs: RANGER-2716
https://issues.apache.org/jira/browse/RANGER-2716
Repository: ranger
Description
-------
Presto plugin returns the input set of catalogs/schemas/tables directly at present. However, this causes a problem, that is, when the user uses show catalogs/schemas/tables, all catalogs/schemas/tables are displayed, even though the user does not have the permissions to display all catalogs/schemas/tables.
We need to fix the filterCatalogs/Schemas/Tables functions to filter catalogs/schemas/tables, so that the user can only see the catalogs/schemas/tables in which the user has SELECT permission.
Diffs
-----
plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java 3ab63f590
ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java e89f646e1
Diff: https://reviews.apache.org/r/72061/diff/1/
Testing
-------
show catalogs/schemas/tables only display the catalogs/schemas/tables in which the user has SELECT permission.
File Attachments (updated)
----------------
0002-RANGER-2716.patch
https://reviews.apache.org/media/uploaded/files/2020/04/23/c8100704-4d07-4193-b8ae-9ba40f7d42d2__0002-RANGER-2716.patch
Thanks,
Jiayi Liu