You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by pengjianhua <pe...@zte.com.cn> on 2017/08/01 01:09:02 UTC
Re: Review Request 61202: Fixed-RANGER-1669:We need to support the
original functionality of hive.show grant user usernam
> On 七月 31, 2017, 2:12 p.m., Colm O hEigeartaigh wrote:
> > I'm wondering what the expected output of "show grant user X" is? I would have expected to see the privileges that correspond to policies created in the Ranger admin service, but this is not the case. If the output is nothing to do with Ranger policies, then I'm wondering what the use-case is here for supporting this functionality with the Ranger authorizer?
The hive plugin effected the hive function after used the hive plugin. Lots of programs have used "show grant user" command before used hive plugin of Ranger. They can run succefully. Now these programs run fail after the user used hive plugin. The issue resolved this problem. Details are as following.
1. Execute the 'show grant user' succefully in hive when user doesn't use ranger hive plugin.
2. Execute the 'show grant user' fail in hive when user uses ranger hive plugin.
The conclusion is that the hive command run fail after used hive plugin of ranger. All application programs using this command executed fail after the user used hive plugin of ranger. This issue affected the hive's functions which are ok if user doesn't use our hive plugin.
- pengjianhua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181803
-----------------------------------------------------------
On 七月 31, 2017, 2:15 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated 七月 31, 2017, 2:15 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> New Defects reported by Coverity Scan for Apache Ranger
> Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
> Null pointer dereferences (NULL_RETURNS)
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
>
> Reason: Hi, Hive also has this problem,
> Update patch solved this prolem for hive-plugin(Ranger-1669). hdfs-plugin has solved by Abhay (Ranger-1695)please review again.thanks.
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>