> On Nov. 27, 2019, 11:34 p.m., Ramesh Mani wrote: > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > > Lines 895 (patched) > > <https://reviews.apache.org/r/71839/diff/1/?file=2179621#file2179621line895> > > > > Yes that is needed. Just having 'any' permission in the request for > > show tables / views resulting in evaluation of a DATABASE policy allowing > > this access. > > > > Expectation is that there should be a table level policy with "SELECT" > > permission giving access to those tables and views.
Requiring 'select' permission at the table level (i.e. all columns of the table) doesn't look right. Shouldn't the table be included in the following cases? - user having 'select' permission to only some columns of the table i.e. not all columns - user not having 'select' permission on the table, but other permissions like create/alter/drop - Madhan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71839/#review218835 ----------------------------------------------------------- On Nov. 27, 2019, 5:53 p.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71839/ > ----------------------------------------------------------- > > (Updated Nov. 27, 2019, 5:53 p.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2656 > https://issues.apache.org/jira/browse/RANGER-2656 > > > Repository: ranger > > > Description > ------- > > RANGER-2656:RangerHiveAuthorizer filterListCmdObjects failed to filter > database / tables when HMS calls the authorizer for filtering > > > Diffs > ----- > > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > b80f1bd > > > Diff: https://reviews.apache.org/r/71839/diff/1/ > > > Testing > ------- > > Verified in Local VM. > 1) Show database and Show table via spark shell to invoke HMS api works as > expected. > > > Thanks, > > Ramesh Mani > >
