You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Ramesh Mani <rm...@hortonworks.com> on 2021/12/03 08:05:05 UTC
Review Request 73737: RANGER-3298:Add coarse URI check for Hive Agent
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73737/
-----------------------------------------------------------
Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-3298
https://issues.apache.org/jira/browse/RANGER-3298
Repository: ranger
Description
-------
RANGER-3298:Add coarse URI check for Hive Agent
Diffs
-----
agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java 31e4c0f4e8
hive-agent/conf/ranger-hive-security.xml 3a5fc54cda
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java e145ea2996
Diff: https://reviews.apache.org/r/73737/diff/1/
Testing
-------
- Verified in a cluster CREATE EXTERNAL TABLE with location point to HDFS location with large number of folders and file
- Without this patch and when HIVE URL policy is not enabled / present CREATE EXTERNAL TABLE create takes a lot of time as RangerHiveAuthorize authorizes all the folder, subfolder and files in it.
- With this patch with no URL policy and having xasecure.hive.uri.permission.coarse.check=true, CREATE EXTERNAL TABLE is quicker as the recursive checks are avoided.
Thanks,
Ramesh Mani
Re: Review Request 73737: RANGER-3298:Add coarse URI check for Hive Agent
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73737/#review223813
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On Dec. 3, 2021, 8:05 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73737/
> -----------------------------------------------------------
>
> (Updated Dec. 3, 2021, 8:05 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3298
> https://issues.apache.org/jira/browse/RANGER-3298
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-3298:Add coarse URI check for Hive Agent
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java 31e4c0f4e8
> hive-agent/conf/ranger-hive-security.xml 3a5fc54cda
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java e145ea2996
>
>
> Diff: https://reviews.apache.org/r/73737/diff/1/
>
>
> Testing
> -------
>
> - Verified in a cluster CREATE EXTERNAL TABLE with location point to HDFS location with large number of folders and file
> - Without this patch and when HIVE URL policy is not enabled / present CREATE EXTERNAL TABLE create takes a lot of time as RangerHiveAuthorize authorizes all the folder, subfolder and files in it.
> - With this patch with no URL policy and having xasecure.hive.uri.permission.coarse.check=true, CREATE EXTERNAL TABLE is quicker as the recursive checks are avoided.
>
>
> Thanks,
>
> Ramesh Mani
>
>