[jira] [Updated] (RANGER-3985) Trino plugin: Check table name when creating tables
[ https://issues.apache.org/jira/browse/RANGER-3985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3985: Labels: Trino (was: ) > Trino plugin: Check table name when creating tables > --- > > Key: RANGER-3985 > URL: https://issues.apache.org/jira/browse/RANGER-3985 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.3.0 >Reporter: Jonas Hartwig >Priority: Major > Labels: Trino > Fix For: 3.0.0 > > Time Spent: 10m > Remaining Estimate: 0h > > The ranger rules to create tables in Trino currently check schema level to > create. > If this is set, anyone can create any table/view. There is no way to limit > the naming of tables. > However e.g. drop, alter rights are granted on table level. So user might > create any table, but not remove them. > To allow a more strict implementation view/table creation should verify table > name as well. > In that case the previous behaviour can be created by adding a rule to allow > create on catalog/schema/*. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-3985) Trino plugin: Check table name when creating tables
[ https://issues.apache.org/jira/browse/RANGER-3985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Selvamohan Neethiraj updated RANGER-3985: - Fix Version/s: 3.0.0 (was: 2.4.0) > Trino plugin: Check table name when creating tables > --- > > Key: RANGER-3985 > URL: https://issues.apache.org/jira/browse/RANGER-3985 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.3.0 >Reporter: Jonas Hartwig >Priority: Major > Fix For: 3.0.0 > > > The ranger rules to create tables in Trino currently check schema level to > create. > If this is set, anyone can create any table/view. There is no way to limit > the naming of tables. > However e.g. drop, alter rights are granted on table level. So user might > create any table, but not remove them. > To allow a more strict implementation view/table creation should verify table > name as well. > In that case the previous behaviour can be created by adding a rule to allow > create on catalog/schema/*. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-3985) Trino plugin: Check table name when creating tables
[ https://issues.apache.org/jira/browse/RANGER-3985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jonas Hartwig updated RANGER-3985: -- Description: The ranger rules to create tables in Trino currently check schema level to create. If this is set, anyone can create any table/view. There is no way to limit the naming of tables. However e.g. drop, alter rights are granted on table level. So user might create any table, but not remove them. To allow a more strict implementation view/table creation should verify table name as well. In that case the previous behaviour can be created by adding a rule to allow create on catalog/schema/*. was:The ranger rules to create tables in Trino only check schema level on create. They should check by table name as well. It easily get inconsistent, if users or groups are allowed to read, drop and alter certain tables like t__* but may create any. So rules to create all tables should then be catalog/schema/* > Trino plugin: Check table name when creating tables > --- > > Key: RANGER-3985 > URL: https://issues.apache.org/jira/browse/RANGER-3985 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.3.0 >Reporter: Jonas Hartwig >Priority: Major > Fix For: 2.4.0 > > > The ranger rules to create tables in Trino currently check schema level to > create. > If this is set, anyone can create any table/view. There is no way to limit > the naming of tables. > However e.g. drop, alter rights are granted on table level. So user might > create any table, but not remove them. > To allow a more strict implementation view/table creation should verify table > name as well. > In that case the previous behaviour can be created by adding a rule to allow > create on catalog/schema/*. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-3985) Trino plugin: Check table name when creating tables
[ https://issues.apache.org/jira/browse/RANGER-3985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jonas Hartwig updated RANGER-3985: -- Description: The ranger rules to create tables in Trino only check schema level on create. They should check by table name as well. It easily get inconsistent, if users or groups are allowed to read, drop and alter certain tables like t__* but may create any. So rules to create all tables should then be catalog/schema/* (was: The ranger rules to create tables in Trino only check data base level on create. They should check by table name as well. It easily get inconsistent, if users or groups are allowed to read, drop and alter certain tables like t__* but may create any. At the moment, the same rule is used to check if a schema can be created for table creation) > Trino plugin: Check table name when creating tables > --- > > Key: RANGER-3985 > URL: https://issues.apache.org/jira/browse/RANGER-3985 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.3.0 >Reporter: Jonas Hartwig >Priority: Major > Fix For: 2.4.0 > > > The ranger rules to create tables in Trino only check schema level on create. > They should check by table name as well. It easily get inconsistent, if users > or groups are allowed to read, drop and alter certain tables like t__* > but may create any. So rules to create all tables should then be > catalog/schema/* -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-3985) Trino plugin: Check table name when creating tables
[ https://issues.apache.org/jira/browse/RANGER-3985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jonas Hartwig updated RANGER-3985: -- Description: The ranger rules to create tables in Trino only check data base level on create. They should check by table name as well. It easily get inconsistent, if users or groups are allowed to read, drop and alter certain tables like t__* but may create any. At the moment, the same rule is used to check if a schema can be created for table creation was: The ranger rules to create tables in Trino only check data base level on create. They should check by table name as well. It easily get inconsistent, if users or groups are allowed to read, drop and alter certain tables like t__* but may create any. At the moment, the same rule is used to check if a catalog can be created for table creation > Trino plugin: Check table name when creating tables > --- > > Key: RANGER-3985 > URL: https://issues.apache.org/jira/browse/RANGER-3985 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.3.0 >Reporter: Jonas Hartwig >Priority: Major > Fix For: 2.4.0 > > > The ranger rules to create tables in Trino only check data base level on > create. They should check by table name as well. It easily get inconsistent, > if users or groups are allowed to read, drop and alter certain tables like > t__* but may create any. > > At the moment, the same rule is used to check if a schema can be created for > table creation -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-3985) Trino plugin: Check table name when creating tables
[ https://issues.apache.org/jira/browse/RANGER-3985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jonas Hartwig updated RANGER-3985: -- Description: The ranger rules to create tables in Trino only check data base level on create. They should check by table name as well. It easily get inconsistent, if users or groups are allowed to read, drop and alter certain tables like t__* but may create any. At the moment, the same rule is used to check if a catalog can be created for table creation was:The ranger rules to create tables in Trino only check data base level on create. They should check by table name as well. It easily get inconsistent, if users or groups are allowed to read, drop and alter certain tables like t__* but may create any. > Trino plugin: Check table name when creating tables > --- > > Key: RANGER-3985 > URL: https://issues.apache.org/jira/browse/RANGER-3985 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.3.0 >Reporter: Jonas Hartwig >Priority: Major > Fix For: 2.4.0 > > > The ranger rules to create tables in Trino only check data base level on > create. They should check by table name as well. It easily get inconsistent, > if users or groups are allowed to read, drop and alter certain tables like > t__* but may create any. > > At the moment, the same rule is used to check if a catalog can be created for > table creation -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-3985) Trino plugin: Check table name when creating tables
[ https://issues.apache.org/jira/browse/RANGER-3985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jonas Hartwig updated RANGER-3985: -- Description: The ranger rules to create tables in Trino only check data base level on create. They should check by table name as well. It easily get inconsistent, if users or groups are allowed to read, drop and alter certain tables like t__* but may create any. (was: The ranger rules to create tables in Trino only check data base level on create. They should check by table name as well.) > Trino plugin: Check table name when creating tables > --- > > Key: RANGER-3985 > URL: https://issues.apache.org/jira/browse/RANGER-3985 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.3.0 >Reporter: Jonas Hartwig >Priority: Major > Fix For: 2.4.0 > > > The ranger rules to create tables in Trino only check data base level on > create. They should check by table name as well. It easily get inconsistent, > if users or groups are allowed to read, drop and alter certain tables like > t__* but may create any. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-3985) Trino plugin: Check table name when creating tables
[ https://issues.apache.org/jira/browse/RANGER-3985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jonas Hartwig updated RANGER-3985: -- Fix Version/s: 2.4.0 (was: 3.0.0) Description: The ranger rules to create tables in Trino only check data base level on create. They should check by table name as well. (was: From version 390 onwards, trino have started using JDK17 and from trino version 393 onwards the language level will also be updated to JDK17. Therefore trino plugin needs to be updated) > Trino plugin: Check table name when creating tables > --- > > Key: RANGER-3985 > URL: https://issues.apache.org/jira/browse/RANGER-3985 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.3.0 >Reporter: Jonas Hartwig >Priority: Major > Fix For: 2.4.0 > > > The ranger rules to create tables in Trino only check data base level on > create. They should check by table name as well. -- This message was sent by Atlassian Jira (v8.20.10#820010)
