You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hawq.apache.org by "Lili Ma (JIRA)" <ji...@apache.org> on 2017/01/20 09:40:26 UTC

[jira] [Comment Edited] (HAWQ-1207) Gpadmin super user processing on ACL

    [ https://issues.apache.org/jira/browse/HAWQ-1207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15831463#comment-15831463 ] 

Lili Ma edited comment on HAWQ-1207 at 1/20/17 9:40 AM:
--------------------------------------------------------

[~thebellhead] I split the stories given that they are from two aspects: catalog table and super user. 

For super user, HAWQ behavior without Ranger is that superuser can have all the privileges upon HAWQ internal tables.  We need limit the super user behavior for accessing tables create by others.

Besides this, there are a lot of super user specific behaviors for some objects. Only superuser has the rights for following operations: 
1. create cast: when function is NULL
2. create filespace
3. create/remove/alter foreign-data wrapper
4. create function: For untrusted language, only superuser can create function.
5. create/drop procedural language
6. create/drop/alter resource queue
7. create tablespace: It means the privilege to create tablespace, and only superuser can do. But the CREATE privilege for tablespace means creating database/table/index... in tablespace, which is different.
8. create external table: Only super user can create EXECUTE external web table or create an external table with a file protocol (but in HAWQ 2.0, the file protocol is not supported any more).
9. create operator class
10. copy: Only superuser can copy to or from a file. And in ranger, the superuser can not run copy to or from when he doesn't have the privilege for that table select or insert.
11. alter state of system triggers
12. some build in functions, including pg_logdir_ls, pg_ls_dir, pg_read_file, pg_reload_conf, pg_rotate_logfile, pg_signal_backend, pg_start_backup, pg_stat_file, pg_stat_get_activity, pg_stat_get_backend_activity_start, pg_stat_get_backend_activity, pg_stat_get_backend_client_addr, pg_stat_get_backend_client_port, pg_stat_get_backend_start, pg_stat_get_backend_waiting, pg_stop_backup, pg_switch_xlog, pg_stat_reset

For above operations, we'd rather keep it checked in HAWQ side if there is no other concerns.



was (Author: lilima):
[~thebellhead] I split the stories given that they are from two aspects: catalog table and super user. 

For super user, HAWQ behavior without Ranger is that superuser can have all the privileges upon HAWQ internal tables.  We need limit the super user behavior for accessing tables create by others.

Besides this, there are a lot of super user specific behaviors for some objects. Only superuser has the rights for following operations: 
1. create cast: when function is NULL
2. create filespace
3. create/remove/alter foreign-data wrapper
4. create function: For untrusted language, only superuser can create function.
5. create/drop procedural language
6. create/drop/alter resource queue
7. create tablespace: It means the privilege to create tablespace, and only superuser can do. But the CREATE privilege for tablespace means creating database/table/index... in tablespace, which is different.
8. create external table: Only super user can create EXECUTE external web table or create an external table with a file protocol (but in HAWQ 2.0, the file protocol is not supported any more).
9. create operator class
10. copy: Only superuser can copy to or from a file. And in ranger, the superuser can not run copy to or from when he doesn't have the privilege for that table select or insert.
11. alter state of system triggers
12. some build in functions, including pg_logdir_ls, pg_ls_dir, pg_read_file, pg_reload_conf, pg_rotate_logfile, pg_signal_backend, pg_start_backup, pg_stat_file, pg_stat_get_activity, pg_stat_get_backend_activity_start, pg_stat_get_backend_activity, pg_stat_get_backend_client_addr, pg_stat_get_backend_client_port, pg_stat_get_backend_start, pg_stat_get_backend_waiting, pg_stop_backup, pg_switch_xlog, pg_stat_reset

For above operations, we'd rather keep it checked in HAWQ side, if there is no other concerns.


> Gpadmin super user processing on ACL
> ------------------------------------
>
>                 Key: HAWQ-1207
>                 URL: https://issues.apache.org/jira/browse/HAWQ-1207
>             Project: Apache HAWQ
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Lili Ma
>            Assignee: Alexander Denissov
>             Fix For: backlog
>
>
> Once we specify enable_ranger, we need process gpadmin user privileges. 
> Ideally, we should also restrict gpadmin behavior since we won't allow gpadmin to have all control on all user data. 
> During the init system period, we can let gpadmin has all the privileges on all the objects. May implement this as seed policy in Ranger plugin side.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)