[
https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15382037#comment-15382037
]
Hubert Zhang commented on HAWQ-256:
-----------------------------------
[~bosco] [~Lili Ma] I skim the Authorizer code in Hive and Ranger. I found that
the behaviour of RangerHiveAuthorizer is limited.
In detail, RangerHiveAuthorizer is subclass of HiveAuthorizer(abstract
interface), but it only implemented a subset of member functions. I conclude
them as follows:
Implemented in ranger:
grantPrivileges
revokePrivileges
checkPrivileges
applyRowFilterAndColumnMasking
needTransform
filterListCmdObjects
Not implemented in ranger:
createRole
dropRole
getPrincipalGrantInfoForRole
getRoleGrantInfoForPrincipal
grantRole
revokeRole
getAllRoles
showPrivileges
getCurrentRoleNames
setCurrentRole
applyAuthorizationConfigPolicy
getHiveAuthorizationTranslator
So could I get a conclusion that when user config Hive with Ranger enabled,
uses cannot create or drop roles in Hive?
> Integrate Security with Apache Ranger
> -------------------------------------
>
> Key: HAWQ-256
> URL: https://issues.apache.org/jira/browse/HAWQ-256
> Project: Apache HAWQ
> Issue Type: New Feature
> Components: PXF, Security
> Reporter: Michael Andre Pearce (IG)
> Assignee: Lili Ma
> Fix For: backlog
>
>
> Integrate security with Apache Ranger for a unified Hadoop security solution.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
