hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hive QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-21833) Ranger Authorization in Hive based on object ownership
Date Wed, 12 Jun 2019 13:57:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-21833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16862122#comment-16862122
] 

Hive QA commented on HIVE-21833:
--------------------------------



Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12971503/HIVE-21833.8.patch

{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.

{color:red}ERROR:{color} -1 due to 45 failed/errored test(s), 16021 tests executed
*Failed tests:*
{noformat}
TestDataSourceProviderFactory - did not produce a TEST-*.xml file (likely timed out) (batchId=232)
TestObjectStore - did not produce a TEST-*.xml file (likely timed out) (batchId=232)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_addpartition]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_alter_db_owner]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_alter_db_owner_default]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_alter_drop_ptn]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_alter_table_exchange_partition_fail2]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_alter_table_exchange_partition_fail]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_create_macro1]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_create_tbl] (batchId=102)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_create_view]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_createview] (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_ctas2] (batchId=102)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_ctas] (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_delete_nodeletepriv]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_desc_table_nosel]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_drop_db_cascade]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_drop_db_empty]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_droppartition]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_explain] (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_insert_noinspriv]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_insert_noselectpriv]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_insertoverwrite_nodel]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_insertpart_noinspriv]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_msck] (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_not_owner_alter_tab_rename]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_not_owner_alter_tab_serdeprop]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_not_owner_drop_tab2]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_not_owner_drop_tab]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_not_owner_drop_view]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_rolehierarchy_privs]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_select] (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_select_view]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_show_columns]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_show_parts_nosel]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_truncate] (batchId=102)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_truncate_2] (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_update_noupdatepriv]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_create_no_grant]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_create_no_select_perm]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_drop_other]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_no_select_perm]
(batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_rebuild_no_grant]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_rebuild_other]
(batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[temp_table_authorize_create_tbl]
(batchId=100)
{noformat}

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/17536/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/17536/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-17536/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 45 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12971503 - PreCommit-HIVE-Build

> Ranger Authorization in Hive based on object ownership
> ------------------------------------------------------
>
>                 Key: HIVE-21833
>                 URL: https://issues.apache.org/jira/browse/HIVE-21833
>             Project: Hive
>          Issue Type: New Feature
>          Components: HiveServer2
>            Reporter: Sam An
>            Assignee: Sam An
>            Priority: Major
>         Attachments: HIVE-21833.1.patch, HIVE-21833.2.patch, HIVE-21833.6.patch, HIVE-21833.7.patch,
HIVE-21833.8.patch
>
>
> Background: Currently Hive Authorizer for Ranger does not provide owner information for
Hive objects as part of AuthZ calls. This has resulted in gaps with respect to Sentry AuthZ
and customers/partners cannot leverage privileges for owners in their authorization model.
>  
> User Story: As an enterprise security admin, I need to be able to set privileges based
on Hive object ownership for setting up access controls in Ranger so that I can provide appropriate
protections and permissions for my enterprise users.
>  
> Acceptance criteria:
> 1) Owner information is available in Hive -Ranger AuthZ calls 
> 2) Ranger admin users can use owner information to set policies based on object ownership
in Ranger UI and APIs
> 3) OWNER Macro based policies continue to work for Hive objects



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message