[ https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15418598#comment-15418598 ]
Hubert Zhang edited comment on HAWQ-256 at 8/12/16 9:48 AM: ------------------------------------------------------------ [~bosco] [~vineetgoel] [~lilima][~wlin] We revisited the HAWQ aclcheck related code, and found that in HAWQ support default acl check. When there is no acl information stored in an object(database, table...) catalog, different objects will have different default behaviours to do acl check. But in our original REST-API design, the checkPrivileges API return bool(allow or deny) which lacks a state of unknown to do default acl check. Here 'unknown' means there is no record in ranger about this request. So we propose two ways to handle this issue. 1 Set the type of return value of checkPrivileges to integer, 0 for deny, 1 for allow, 2 for unknown 2 Add another REST-API, isPrivilegeExist(). Any suggestion for which solution is better ? was (Author: hubertzhang): [~bosco] [~vineetgoel] [~lilima][~wlin] We revisited the HAWQ aclcheck related code, and found that in HAWQ support default ack check. When there is no acl information stored in an object(database, table...) catalog, different objects will have different default behaviours to do acl check. But in our original REST-API design, the checkPrivileges API return bool(allow or deny) which lacks a state of unknown to do default acl check. Here 'unknown' means there is no record in ranger about this request. So we propose two ways to handle this issue. 1 Set the type of return value of checkPrivileges to integer, 0 for deny, 1 for allow, 2 for unknown 2 Add another REST-API, isPrivilegeExist(). Any suggestion for which solution is better ? > Integrate Security with Apache Ranger > ------------------------------------- > > Key: HAWQ-256 > URL: https://issues.apache.org/jira/browse/HAWQ-256 > Project: Apache HAWQ > Issue Type: New Feature > Components: PXF, Security > Reporter: Michael Andre Pearce (IG) > Assignee: Lili Ma > Fix For: backlog > > Attachments: HAWQRangerSupportDesign.pdf > > > Integrate security with Apache Ranger for a unified Hadoop security solution. -- This message was sent by Atlassian JIRA (v6.3.4#6332)