[Impala-ASF-CR] IMPALA-8363: Deny access when column masking or row filtering is enabled in Ranger

Thu, 04 Apr 2019 13:09:02 -0700 

Fredy Wijaya has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/12927 )

Change subject: IMPALA-8363: Deny access when column masking or row filtering 
is enabled in Ranger
......................................................................


Patch Set 3:

(4 comments)

http://gerrit.cloudera.org:8080/#/c/12927/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java
File 
fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java:

http://gerrit.cloudera.org:8080/#/c/12927/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java@70
PS2, Line 70:
> Wouldn't this represent a column and not a table?
Done


http://gerrit.cloudera.org:8080/#/c/12927/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java@246
PS2, Line 246:       List<Expr> exprs = Collections.singletonList(((DeleteStmt) 
stmt).getWhereClause());
> So you're iterating over the `Table` which is actually more like a `Column`
For row filter, we don't need to care for columns. My next PS handles the 
duplicate entries.


http://gerrit.cloudera.org:8080/#/c/12927/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java@269
PS2, Line 269:     for (RangerAccessResourceImpl resource: colMaskTables) {
> Is this getting the tables or the columns?
Updated in the next PS.


http://gerrit.cloudera.org:8080/#/c/12927/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java@279
PS2, Line 279:   /**
> If it is a complex type do you need to parse the complex type for more pote
I think Ranger doesn't support column masking with complex types.



--
To view, visit http://gerrit.cloudera.org:8080/12927
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If46b4bf24d916e4a4ea8a36ff4acfd95d5f45c8e
Gerrit-Change-Number: 12927
Gerrit-PatchSet: 3
Gerrit-Owner: Fredy Wijaya <fwij...@cloudera.com>
Gerrit-Reviewer: Austin Nobis <ano...@cloudera.com>
Gerrit-Reviewer: Bharath Vissapragada <bhara...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fwij...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
Gerrit-Comment-Date: Thu, 04 Apr 2019 19:59:02 +0000
Gerrit-HasComments: Yes

Reply via email to