You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "sooyeon shin (Jira)" <ji...@apache.org> on 2021/01/18 10:17:00 UTC

[jira] [Commented] (RANGER-3142) Access control based on groups not working for presto plugin

    [ https://issues.apache.org/jira/browse/RANGER-3142?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17267146#comment-17267146 ] 

sooyeon shin commented on RANGER-3142:
--------------------------------------

Hello [~anchal.agarwal]

I had the same problem with trino(aka presto sql) v344 and ranger v2.1.0.
As a workaround, i used "roles" instead of "groups".
I hope it helps.

> Access control based on groups not working for presto plugin 
> -------------------------------------------------------------
>
>                 Key: RANGER-3142
>                 URL: https://issues.apache.org/jira/browse/RANGER-3142
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 2.1.0
>         Environment: ranger-2.1.0-presto-plugin.tar.gz
> presto-server-347.tar.gz
>            Reporter: Anchal Agarwal
>            Assignee: Pradeep Agrawal
>            Priority: Major
>
> I'm using ranger-2.1.0 for access control in prestosql-347.
> A policy with user list in 'allow conditions' works i.e. if I connect to presto with a user in the allowed list, my query returns the expected results.
> But instead of users, if I use group in the policy and try accessing presto with a user belonging to that group, then I'm denied access.
> {code:java}
> %presto
> show tables in default
> Query failed (#20210106_032741_00000_dddsy): Access Denied: Cannot access catalog hive
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)