Re: Ranger not executing policies...

Mon, 09 Jul 2018 21:24:26 -0700 

I think I know the issue. My plugin code is the latest 1.x, while the Ranger 
Admin is 0.7. So even though the server is sending the correct data, the 1.x 
plugin code is not able to convert it to proper object (ServicePolicies).

Let me try after downgrading my plugin version.

Bosco


On 7/9/18, 4:52 PM, "Don Bosco Durai" <bo...@apache.org> wrote:

    Hi Abhay
    
    Thanks for looking into it so quickly.
    
    Good catch on the issue. I have given public access to *,*,*. However, when 
the policies are pulled from Spark, the resources are not coming properly. I 
think, none of the resources are coming. I might have to dig deeper to see the 
root cause.
    
    I have attached 2 files. hiveServer2_brown_hive.json is downloaded by 
HiveServer2 and hiveCLI_brown_hive.json is downloaded by SparkSQL Thrift Server.
    
    hiveServer2_brown_hive.json
          "resources": {
            "database": {
              "values": [
                "*"
              ],
              "isExcludes": false,
              "isRecursive": false
            },
    
    hiveCLI_brown_hive.json
          "resources": {},
    
    Thanks
    
    Bosco
    
    
    On 7/9/18, 4:34 PM, "Abhay Kulkarni" <akulka...@hortonworks.com> wrote:
    
        Bosco,
        
        It appears from the log (lines 6, 7)  that the Trie search for resource 
(database=default) did not find any policies. Per lines 3 and 5, it looks like 
the name of the policy resource is set to 'database' instead of 'default'. 
Could you please check if the policies are correctly downloaded to the 
component?
        
        Thanks,
        -Abhay
        
        
        From: Don Bosco Durai <bo...@apache.org<mailto:bo...@apache.org>>
        Reply-To: "dev@ranger.apache.org<mailto:dev@ranger.apache.org>" 
<dev@ranger.apache.org<mailto:dev@ranger.apache.org>>
        Date: Monday, July 9, 2018 at 3:51 PM
        To: ranger <dev@ranger.apache.org<mailto:dev@ranger.apache.org>>
        Subject: Ranger not executing policies...
        
        Hi Abhay
        
        I have extended the work done by Kent Yao for supporting Ranger with 
SparkSQL ThriftServer. I managed to integrate with the Ranger master branch and 
also the Ranger authorizer code is called, but I always get denied by Ranger 
authorizer.
        
        Earlier in the logs, I can see the policies getting downloaded and also 
the local .json file is getting created. However, when the check privileges 
call is called, it seems it is not able to get it. I am not sure if custom 
class loaders are interfering. Is it possible to dump the policies when the 
authorization code is called?
        
        I have attached part of the logs. Let me know if you can guide me in 
the right direction?
        
        Thanks
        
        Bosco

Reply via email to