[
https://issues.apache.org/jira/browse/RANGER-2389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramesh Mani updated RANGER-2389:
--------------------------------
Description:
1) Hive KILL Query
With the HIVE-17483 JIRA, Hive has introduced a way to kill query <id> and in
hive its a privileged action for Hive Admin Role. In order for the Ranger Hive
Authorizer to support authorization, we need to enhance the ranger hive
authorizer. Current Hive implementation is to Kill Query in a HiveService which
can be LLAP / HIVESERVER2 , later these HIVE SERVICEs can be grouped into NAME
SPACEs and kill query can be run against them. When HiveServer2/LLAP Ranger
Plugin sends the request to Ranger for Authorization, it will be sending the
HIVE SERVICE in the context with the COMMAND that is executed.
With all the details proposal is to have
1) In Ranger Hive Service Definition, we will have a new Resource "Hive
Service" to authorize.
2) In Ranger Hive Permission Model, we will have a new Permission "Service
Admin" to group Kill Query operation.
"Service Admin" permission will enable hive ranger plugin to isolate various
admin operations in this case "Kill Query" and in future if hive introduces
other operations which are done at "HIVE SERVICE level" , group them under this
and authorize.
"Service Admin" won't be able to do DATABASE / TABLE / COLUMN operations as
this will all be taken care by the existing DATABASE/TABLE/COLUMN level
permission model.
2) Replication Command
Hive has enhanced it authorization for Replication Task
https://issues.apache.org/jira/browse/HIVE-17005. The proposal from Ranger side
is to have "Repl Admin" permission in RangerHive privilege model and command
REPL DUMP and REPL LOAD should be authorized for the users with "ReplAdmin"
privilege on Database / Table level.
For REPL STATUS command, the user should have SELECT privilege on the Database/
Table Level.
was:
1) Hive KILL Query
With the HIVE-17483 JIRA, Hive has introduced a way to kill query <id> and in
hive its a privileged action for Hive Admin Role. In order for the Ranger Hive
Authorizer to support authorization, we need to enhance the ranger hive
authorizer. Current Hive implementation is to Kill Query in a HiveService which
can be LLAP / HIVESERVER2 , later these HIVE SERVICEs can be grouped into NAME
SPACEs and kill query can be run against them. When HiveServer2/LLAP Ranger
Plugin sends the request to Ranger for Authorization, it will be sending the
HIVE SERVICE in the context with the COMMAND that is executed.
With all the details proposal is to have
1) In Ranger Hive Service Definition, we will have a new Resource "Hive
Service" to authorize.
2) In Ranger Hive Permission Model, we will have a new Permission "Service
Admin" to group Kill Query operation.
"Service Admin" permission will enable hive ranger plugin to isolate various
admin operations in this case "Kill Query" and in future if hive introduces
other operations which are done at "HIVE SERVICE level" , group them under this
and authorize.
"Service Admin" won't be able to do DATABASE / TABLE / COLUMN operations as
this will all be taken care by the existing DATABASE/TABLE/COLUMN level
permission model.
2) Replication Command
Hive has enhanced it authorization for Replication Task
https://issues.apache.org/jira/browse/HIVE-17005. The proposal from Ranger side
is to have "Repl Admin" permission in RangerHive privilege model and command
REPL DUMP and REPL LOAD should be authorized for the users with "Admin"
privilege on Database / Table level.
For REPL STATUS command, the user should have SELECT privilege on the Database/
Table Level.
> Ranger Hive Plugin enhancement for KILL query and Replication commands
> authorization
> ------------------------------------------------------------------------------------
>
> Key: RANGER-2389
> URL: https://issues.apache.org/jira/browse/RANGER-2389
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Ramesh Mani
> Priority: Major
>
> 1) Hive KILL Query
> With the HIVE-17483 JIRA, Hive has introduced a way to kill query <id> and in
> hive its a privileged action for Hive Admin Role. In order for the Ranger
> Hive Authorizer to support authorization, we need to enhance the ranger hive
> authorizer. Current Hive implementation is to Kill Query in a HiveService
> which can be LLAP / HIVESERVER2 , later these HIVE SERVICEs can be grouped
> into NAME SPACEs and kill query can be run against them. When
> HiveServer2/LLAP Ranger Plugin sends the request to Ranger for Authorization,
> it will be sending the HIVE SERVICE in the context with the COMMAND that is
> executed.
> With all the details proposal is to have
> 1) In Ranger Hive Service Definition, we will have a new Resource "Hive
> Service" to authorize.
> 2) In Ranger Hive Permission Model, we will have a new Permission "Service
> Admin" to group Kill Query operation.
> "Service Admin" permission will enable hive ranger plugin to isolate various
> admin operations in this case "Kill Query" and in future if hive introduces
> other operations which are done at "HIVE SERVICE level" , group them under
> this and authorize.
> "Service Admin" won't be able to do DATABASE / TABLE / COLUMN operations as
> this will all be taken care by the existing DATABASE/TABLE/COLUMN level
> permission model.
> 2) Replication Command
> Hive has enhanced it authorization for Replication Task
> https://issues.apache.org/jira/browse/HIVE-17005. The proposal from Ranger
> side is to have "Repl Admin" permission in RangerHive privilege model and
> command REPL DUMP and REPL LOAD should be authorized for the users with
> "ReplAdmin" privilege on Database / Table level.
> For REPL STATUS command, the user should have SELECT privilege on the
> Database/ Table Level.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
