[
https://issues.apache.org/jira/browse/RANGER-3985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jonas Hartwig updated RANGER-3985:
----------------------------------
Description: The ranger rules to create tables in Trino only check schema
level on create. They should check by table name as well. It easily get
inconsistent, if users or groups are allowed to read, drop and alter certain
tables like t_<user>_* but may create any. So rules to create all tables should
then be catalog/schema/* (was: The ranger rules to create tables in Trino only
check data base level on create. They should check by table name as well. It
easily get inconsistent, if users or groups are allowed to read, drop and alter
certain tables like t_<user>_* but may create any.
At the moment, the same rule is used to check if a schema can be created for
table creation)
> Trino plugin: Check table name when creating tables
> ---------------------------------------------------
>
> Key: RANGER-3985
> URL: https://issues.apache.org/jira/browse/RANGER-3985
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Affects Versions: 2.3.0
> Reporter: Jonas Hartwig
> Priority: Major
> Fix For: 2.4.0
>
>
> The ranger rules to create tables in Trino only check schema level on create.
> They should check by table name as well. It easily get inconsistent, if users
> or groups are allowed to read, drop and alter certain tables like t_<user>_*
> but may create any. So rules to create all tables should then be
> catalog/schema/*
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
