[
https://issues.apache.org/jira/browse/HAWQ-1207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15731861#comment-15731861
]
Alastair "Bell" Turner commented on HAWQ-1207:
----------------------------------------------
This and HAWQ-1206 are two sides of the same issue. That issue is how to
identify which tables are subject to external access controls (Ranger or
impersonation) and which are subject to HAWQ's internal access controls. Those
where access is controlled internally will be accessible to gpadmin and any
which are externally managed won't. The distinction may be as simple as system
vs user tables.
I would suggest merging this and HAWQ-1206 into one ticket to cover both
aspects of issue since the solution may be common.
> Gpadmin super user processing on ACL
> ------------------------------------
>
> Key: HAWQ-1207
> URL: https://issues.apache.org/jira/browse/HAWQ-1207
> Project: Apache HAWQ
> Issue Type: Sub-task
> Components: Security
> Reporter: Lili Ma
> Assignee: Alexander Denissov
> Fix For: backlog
>
>
> Once we specify enable_ranger, we need process gpadmin user privileges.
> Ideally, we should also restrict gpadmin behavior since we won't allow
> gpadmin to have all control on all user data.
> During the init system period, we can let gpadmin has all the privileges on
> all the objects. May implement this as seed policy in Ranger plugin side.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
