ranger-dev mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	Ramesh Mani <rm...@hortonworks.com>
Subject	Re: Review Request 58658: RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
Date	Thu, 04 May 2017 17:11:50 GMT
> On April 30, 2017, 8:25 p.m., Madhan Neethiraj wrote: > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > > Lines 1415 (patched) > > <https://reviews.apache.org/r/58658/diff/2/?file=1703904#file1703904line1416> > > > > Would current URI access checks (for hdfs://, file://), that are performed by FileSystem, be done using Ranger Hive policies after this patch? > > > > If yes, new Ranger Hive policies would have to be added to allow URL access; else it might break existing deployments. Please review. > > > > One option to consider is to fallback on FileSystem access check when there is no Ranger Hive policy to grant the necessary access. Currently URI check for hdfs://, file:// are not done by the Hive Policies, it is be done by the FileSystem access check. Only if its s3a://, s3n:// it will be done by Hive Policy. - Ramesh ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58658/#review173456 ----------------------------------------------------------- On May 4, 2017, 5:10 p.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58658/ > ----------------------------------------------------------- > > (Updated May 4, 2017, 5:10 p.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy. > > > Bugs: RANGER-1513 > https://issues.apache.org/jira/browse/RANGER-1513 > > > Repository: ranger > > > Description > ------- > > RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin > > > Diffs > ----- > > agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b254d20 > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java 09ecd1e > hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 57b4eef > hive-agent/src/test/resources/hive-policies.json 2b568dc > security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java PRE-CREATION > > > Diff: https://reviews.apache.org/r/58658/diff/3/ > > > Testing > ------- > > Test in local VM > > > Thanks, > > Ramesh Mani > >
Mime	Unnamed multipart/alternative (inline, None, 0 bytes) Unnamed text/plain (inline, 7-Bit, 2519 bytes)
	View raw message