[jira] [Created] (HIVE-22142) Hive grantPrivileges() and revokePrivileges() api doesn't give the owner information in the HivePrivilegeObject sent in it
Ramesh Mani created HIVE-22142: -- Summary: Hive grantPrivileges() and revokePrivileges() api doesn't give the owner information in the HivePrivilegeObject sent in it Key: HIVE-22142 URL: https://issues.apache.org/jira/browse/HIVE-22142 Project: Hive Issue Type: Bug Reporter: Ramesh Mani -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Created] (HIVE-22128) Hive filterListCmdObjects() api doesn't have the Object OWNER details to filter on it
Ramesh Mani created HIVE-22128: -- Summary: Hive filterListCmdObjects() api doesn't have the Object OWNER details to filter on it Key: HIVE-22128 URL: https://issues.apache.org/jira/browse/HIVE-22128 Project: Hive Issue Type: Bug Components: Hive Reporter: Ramesh Mani Hive filterListCmdObjects() api doesn't have the Object OWNER details to filter on it. Because of this filtering of database / table when Ranger OWNER policy is there is not working, although selecting the tables will be enforced by the Ranger OWNER policy -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Created] (HIVE-22119) Ranger Hive authorizer to be enhanced to support Hive policies based on resource owners
Ramesh Mani created HIVE-22119: -- Summary: Ranger Hive authorizer to be enhanced to support Hive policies based on resource owners Key: HIVE-22119 URL: https://issues.apache.org/jira/browse/HIVE-22119 Project: Hive Issue Type: Bug Reporter: Ramesh Mani With changes in HIVE-21833, owner information is now made available to authorizer implementations. Ranger Hive authorizer should be updated to enable Hive policies based on resource owners - like - allow owner of a database to create tables in the database - allow owner of a table to perform all operations on the table -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Created] (HIVE-21829) HiveMetaStore authorization with AlterTable and DropTable events
Ramesh Mani created HIVE-21829: -- Summary: HiveMetaStore authorization with AlterTable and DropTable events Key: HIVE-21829 URL: https://issues.apache.org/jira/browse/HIVE-21829 Project: Hive Issue Type: Bug Components: Hive Affects Versions: 3.1.2 Reporter: Ramesh Mani Fix For: 3.1.2 With HIVE-21753, we have HiveMetastore authorizer which uses HiveAuthorizer interface to authorizer metastore events. This jira is to fix a bug in HIVE-21753 which failed to authorizer Alter and DropTable events -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (HIVE-21753) Update HiveMetastore authorization to enable use of HiveAuthorizer implementation
Ramesh Mani created HIVE-21753: -- Summary: Update HiveMetastore authorization to enable use of HiveAuthorizer implementation Key: HIVE-21753 URL: https://issues.apache.org/jira/browse/HIVE-21753 Project: Hive Issue Type: Bug Components: Hive Affects Versions: 3.1.2 Reporter: Ramesh Mani Description: Currently HMS supports authorization using StorageBasedAuthorizationProvider which relies on permissions at filesystem – like HDFS. Hive supports a pluggable authorization interface, and multiple authorizer implementations (like SQLStd, Ranger, Sentry) are available to authorizer access in Hive. Extending HiveMetastore to use the same authorization interface as Hive will enable use of pluggable authorization implementations; and will result in consistent authorization across Hive, HMS and other services that use HMS (like Spark). -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (HIVE-21674) Policy Condition Evaluators existing and newly created should work in both policy level and policy item level
Ramesh Mani created HIVE-21674: -- Summary: Policy Condition Evaluators existing and newly created should work in both policy level and policy item level Key: HIVE-21674 URL: https://issues.apache.org/jira/browse/HIVE-21674 Project: Hive Issue Type: Bug Reporter: Ramesh Mani Policy Condition Evaluators existing and newly created should work in both policy level and policy item level. With the introduction of Policy Leven condition in https://issues.apache.org/jira/browse/RANGER-2354, now can set policy conditions at Policy level also. But this needs a new variable "policyCondition" to be referred if some one wants to created a new policy level condition evaluator (https://cwiki.apache.org/confluence/display/RANGER/Dynamic+Policy+Hooks+in+Ranger+-+Configure+and+Use) . Existing policy level condition also needs to be duplicated to have this new "policyCondition" to be referred. Instead on this its good to use the same "condition" variable. This will allow anyone to use the existing policy condition evaluator to be used in policy level or policy item level. Same is the case with newly created custom policy condition evaluators -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (HIVE-21562) Ranger should add service admin privilege support for hive service objects - LLAP command sets
Ramesh Mani created HIVE-21562: -- Summary: Ranger should add service admin privilege support for hive service objects - LLAP command sets Key: HIVE-21562 URL: https://issues.apache.org/jira/browse/HIVE-21562 Project: Hive Issue Type: Bug Reporter: Ramesh Mani Ranger should add service admin privilege support for hive service objects - LLAP command sets Functionality for workload management commands being added in Hive with HIVE-17481 and HIVE-19033 -- This message was sent by Atlassian JIRA (v7.6.3#76005)