You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@submarine.apache.org by "Liu Xun (Jira)" <ji...@apache.org> on 2019/12/14 03:43:00 UTC

[jira] [Updated] (SUBMARINE-320) Integrate apache ranger in submarine metastore module

     [ https://issues.apache.org/jira/browse/SUBMARINE-320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Liu Xun updated SUBMARINE-320:
------------------------------
    Description: 
The submarine commons metastore module now provides meta services through the REST interface through the metastore integrated with Hive.

Now you need to integrate the apache ranger in the submarine commons metastore module. When the user accesses the REST interface, check whether the user has access to the meta.

For example, when a user executes show database / table, only the database / table to which the user has permissions can be returned.

Apache ranger is divided into three parts: ranger-server, ranger-mysql and ranger-plugin.
1. ranger-server.jar provides the function of setting permissions. We can save the user's permissions to the ranger-mysql database through ranger-server.jar.
2. ranger-mysql uses the ranger table structure.
3. The ranger-plugin obtains permissions through the interface of the ranger-server.
4. ranger-plugin.jar is integrated in the submarine commons metastore module. When users access metadata through the submarine commons metastore interface, they must first pass the ranger-plugin.jar check or filter permissions.

{color:red}Please note that we only integrate the jar package of ranger, not start the service process of ranger.{color}

  was:
The submarine commons metastore module now provides meta services through the REST interface through the metastore integrated with Hive.

Now you need to integrate the apache ranger in the submarine commons metastore module. When the user accesses the REST interface, check whether the user has access to the meta.

For example, when a user executes show database / table, only the database / table to which the user has permissions can be returned.

Apache ranger is divided into three parts: ranger-server, ranger-mysql and ranger-plugin.
1. ranger-server.jar provides the function of setting permissions. We can save the user's permissions to the ranger-mysql database through ranger-server.jar.
2. ranger-mysql uses the ranger table structure.
3. The ranger-plugin obtains permissions through the interface of the ranger-server.
4. ranger-plugin.jar is integrated in the submarine commons metastore module. When users access metadata through the submarine commons metastore interface, they must first pass the ranger-plugin.jar check or filter permissions.


> Integrate apache ranger in submarine metastore module
> -----------------------------------------------------
>
>                 Key: SUBMARINE-320
>                 URL: https://issues.apache.org/jira/browse/SUBMARINE-320
>             Project: Apache Submarine
>          Issue Type: Sub-task
>          Components: Submarine Commons
>            Reporter: Liu Xun
>            Assignee: qiwei huang
>            Priority: Major
>             Fix For: 0.3.0
>
>
> The submarine commons metastore module now provides meta services through the REST interface through the metastore integrated with Hive.
> Now you need to integrate the apache ranger in the submarine commons metastore module. When the user accesses the REST interface, check whether the user has access to the meta.
> For example, when a user executes show database / table, only the database / table to which the user has permissions can be returned.
> Apache ranger is divided into three parts: ranger-server, ranger-mysql and ranger-plugin.
> 1. ranger-server.jar provides the function of setting permissions. We can save the user's permissions to the ranger-mysql database through ranger-server.jar.
> 2. ranger-mysql uses the ranger table structure.
> 3. The ranger-plugin obtains permissions through the interface of the ranger-server.
> 4. ranger-plugin.jar is integrated in the submarine commons metastore module. When users access metadata through the submarine commons metastore interface, they must first pass the ranger-plugin.jar check or filter permissions.
> {color:red}Please note that we only integrate the jar package of ranger, not start the service process of ranger.{color}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@submarine.apache.org
For additional commands, e-mail: dev-help@submarine.apache.org