[ https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15420550#comment-15420550 ]
Hubert Zhang edited comment on HAWQ-256 at 8/15/16 1:40 AM: ------------------------------------------------------------ [~bosco]You suggest to replace Application(HAWQ) default ACL from application internal to Ranger policy too. It's another way to handle this problem. I have two questions: 1 Group "public" is a default internal type group in Ranger, I wonder whether the users synced from ldap belong to group "public" automatically? 2 Ranger 0.6 introduces deny condition, So even if a user inherits default privilege from group "public", It can also be revoked with specific deny operation. But how about Ranger 0.5? One method is to remove the user from "public" group. But the limitation of this method is that we have to create "public" group for each resource, and assign the new users(synced from ldap) to this group. was (Author: hubertzhang): [~bosco]You suggest to replace Application(HAWQ) default ACL from application internal to Ranger policy too. It's another way to handle this problem. I have two questions: 1 Group "public" is a default internal type group in Ranger, I wonder whether the users synced from ldap belong to group "public" 2 Ranger 0.6 introduces deny condition, So even if a user inherits default privilege from group "public", It can also be revoked with specific deny operation. But how about Ranger 0.5? One method is to remove the user from "public" group. But the limitation of this method is that we have to create "public" group for each resource, and assign the new users(synced from ldap) to this group. > Integrate Security with Apache Ranger > ------------------------------------- > > Key: HAWQ-256 > URL: https://issues.apache.org/jira/browse/HAWQ-256 > Project: Apache HAWQ > Issue Type: New Feature > Components: PXF, Security > Reporter: Michael Andre Pearce (IG) > Assignee: Lili Ma > Fix For: backlog > > Attachments: HAWQRangerSupportDesign.pdf > > > Integrate security with Apache Ranger for a unified Hadoop security solution. -- This message was sent by Atlassian JIRA (v6.3.4#6332)