ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jiayi Liu <liujiayi...@gmail.com>
Subject Review Request 72647: RANGER-2896: show grant not display grant_time in hive plugin
Date Mon, 06 Jul 2020 06:53:26 GMT 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72647/
-----------------------------------------------------------

Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-2896
    https://issues.apache.org/jira/browse/RANGER-2896


Repository: ranger


Description
-------

show grant can not display grant_time, because RANGER-836 pruned the content of policy download.

When using show grant, grant_time will always be 0.

```bash
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------+----------+
| database  | table  | partition  | column  | principal_name  | principal_type  | privilege
 | grant_option  | grant_time  | grantor  |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------+----------+
| default   | *      | []         | []      | hadoop          | USER            | ALTER  
   | true          | 0           | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | CREATE 
   | true          | 0           | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | DROP   
   | true          | 0           | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | INDEX  
   | true          | 0           | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | LOCK   
   | true          | 0           | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | READ   
   | true          | 0           | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | SELECT 
   | true          | 0           | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | UPDATE 
   | true          | 0           | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | WRITE  
   | true          | 0           | ranger   |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------+----------+
```

In RangerHiveAuthorizer.createHivePrivilegeInfo function, it gets creationDate from policy.getCreateTime().

```java
if (accessTypes.contains(aclName.toLowerCase()) && (users.contains(hivePrincipal.getName())
|| groups.contains(hivePrincipal.getName()))) {
    creationDate = (policy.getCreateTime() == null) ? creationDate : (int) (policy.getCreateTime().getTime()/1000);
    delegateAdmin = (policyItem.getDelegateAdmin() == null) ? delegateAdmin : policyItem.getDelegateAdmin().booleanValue();
}
```


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java a09a35295



Diff: https://reviews.apache.org/r/72647/diff/1/


Testing
-------

show grant can display grant_time.
```bash
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| database  | table  | partition  | column  | principal_name  | principal_type  | privilege
 | grant_option  |   grant_time   | grantor  |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| default   | *      | []         | []      | hadoop          | USER            | ALTER  
   | true          | 1594004452000  | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | CREATE 
   | true          | 1594004452000  | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | DROP   
   | true          | 1594004452000  | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | INDEX  
   | true          | 1594004452000  | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | LOCK   
   | true          | 1594004452000  | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | READ   
   | true          | 1594004452000  | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | SELECT 
   | true          | 1594004452000  | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | UPDATE 
   | true          | 1594004452000  | ranger   |
| default   | *      | []         | []      | hadoop          | USER            | WRITE  
   | true          | 1594004452000  | ranger   |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
```


Thanks,

Jiayi Liu
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message