[ https://issues.apache.org/jira/browse/IMPALA-12578?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Fang-Yu Rao updated IMPALA-12578: --------------------------------- Description: Starting from RANGER-1200, Ranger supports the notion of the OWNER user, which allows each user to perform any operation on the resources owned by it. This avoids the need for creating a new policy that grants the OWNER user the privileges on every newly created resource. Refer to [apache-ranger-policy-model|https://blogsarchive.apache.org/ranger/entry/apache-ranger-policy-model#:~:text=allow%20each%20user%20to%20access%20all,all]. Currently for the GRANT and REVOKE statements, Impala does not pass the owner of the resource to the Ranger plug-in and thus a non-administrative user could not grant/revoke privileges on a resource to/from another user even though this non-administrative user owns the resource. We should pass the ownership information to the Ranger plug-in to make authorization management easier in Impala. was: Starting from RANGER-1200, Ranger supports the notion of the OWNER user, which allows each user to perform any operation on the resources owned by them. This avoids the need for creating a new policy that grants the OWNER user the privileges on every newly created resource. Refer to [apache-ranger-policy-model|https://blogsarchive.apache.org/ranger/entry/apache-ranger-policy-model#:~:text=allow%20each%20user%20to%20access%20all,all]. Currently for the GRANT and REVOKE statements, Impala does not pass the owner of the resource to the Ranger plug-in and thus a non-administrative user could not grant/revoke privileges on a resource to/from another user even though this non-administrative user owns the resource. We should pass the ownership information to the Ranger plug-in to make authorization management easier in Impala. > Pass the owner user to the Ranger plug-in in GRANT and REVOKE statements > ------------------------------------------------------------------------ > > Key: IMPALA-12578 > URL: https://issues.apache.org/jira/browse/IMPALA-12578 > Project: IMPALA > Issue Type: New Feature > Reporter: Fang-Yu Rao > Assignee: Fang-Yu Rao > Priority: Major > > Starting from RANGER-1200, Ranger supports the notion of the OWNER user, > which allows each user to perform any operation on the resources owned by it. > This avoids the need for creating a new policy that grants the OWNER user the > privileges on every newly created resource. Refer to > [apache-ranger-policy-model|https://blogsarchive.apache.org/ranger/entry/apache-ranger-policy-model#:~:text=allow%20each%20user%20to%20access%20all,all]. > Currently for the GRANT and REVOKE statements, Impala does not pass the owner > of the resource to the Ranger plug-in and thus a non-administrative user > could not grant/revoke privileges on a resource to/from another user even > though this non-administrative user owns the resource. We should pass the > ownership information to the Ranger plug-in to make authorization management > easier in Impala. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org