[
https://issues.apache.org/jira/browse/SUBMARINE-411?focusedWorklogId=400002&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-400002
]
ASF GitHub Bot logged work on SUBMARINE-411:
--------------------------------------------
Author: ASF GitHub Bot
Created on: 09/Mar/20 08:16
Start Date: 09/Mar/20 08:16
Worklog Time Spent: 10m
Work Description: yaooqinn commented on pull request #211: SUBMARINE-411.
Basic SQL Standard Authorization ACL Management for Spark
URL: https://github.com/apache/submarine/pull/211
### What is this PR for?
This pr aims to provide submarine spark jobs with ACL Management abilities.
In this pr, we create
1) a plugin that can talk to Apache Ranger Admin directly for privilege
policies
2) a Spark SQL optimizer rule that can be injected to spark jobs with the
flag - spark.sql.extensions
3) the privilege check happens in the Spark SQL Optimizer meets a resource
e.g. a database, table, etc. If the user has the privilege for the resource he
or she accesses, we return the original spark plan and let it continue,
otherwise, an exception will be raised
The previous work can be found, this pr bring the ACL only and will do
others in follow-ups
- https://github.com/yaooqinn/spark-authorizer
- https://github.com/yaooqinn/spark-ranger
### What type of PR is it?
feature
### Todos
* [ ] - Show Databases/Tables with filtered objects
* [ ] - Row-level filtering
* [ ] - Datamasking filtering
### What is the Jira issue?
https://issues.apache.org/jira/browse/SUBMARINE-411
### How should this be tested?
* First time? Setup Travis CI as described on
https://submarine.apache.org/contribution/contributions.html#continuous-integration
* Strongly recommended: add automated unit tests for any new or changed
behavior
* Outline any manual steps to test the PR here.
Add Unit test and enable Travis jobs
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? Yes, will do after finish all todos
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 400002)
Remaining Estimate: 0h
Time Spent: 10m
> Basic SQL Standard Authorization ACL Management for Spark
> ---------------------------------------------------------
>
> Key: SUBMARINE-411
> URL: https://issues.apache.org/jira/browse/SUBMARINE-411
> Project: Apache Submarine
> Issue Type: Sub-task
> Components: Security
> Reporter: Kent Yao
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Add a Column-level ACL management plugin for Spark SQL jobs
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@submarine.apache.org
For additional commands, e-mail: dev-h...@submarine.apache.org
