[HAWQ-1279] Force to recompute namespace_path when enable_ranger - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: backlog
Component/s: PXF, Security
Labels:
None

Description

namespace_path is cached in each psql session and the cache invalidation is triggered by Grant/Revoke SQL.

When enable_ranger, Grant/Revoke SQL is no longer use, so the cache prevent a ack-check request sending.

Example:

// create table t(i int); => failed
[{""resource"":{""database"":""postgres"",""schema"":""pg_catalog""},""privileges"":[""usage""],""allowed"":true}]
[{""resource"":{""database"":""postgres"",""schema"":""pg_catalog""},""privileges"":[""usage""],""allowed"":true}]
[{""resource"":{""database"":""postgres"",""schema"":""public""},""privileges"":[""usage""],""allowed"":false}]

// grant usage and create permissions to public schema in ranger and try again => failed again
[{""resource"":{""database"":""postgres"",""schema"":""pg_catalog""},""privileges"":[""usage""],""allowed"":true}]
[{""resource"":{""database"":""postgres"",""schema"":""pg_catalog""},""privileges"":[""usage""],""allowed"":true}]
// why not send a request for USAGE??

Attachments

Issue Links

duplicates

HAWQ-1238 Can not get any data when the network is connected again after a while disconnected.

Closed

links to

GitHub Pull Request #1094

Activity

People

Assignee:: Hongxu Ma

Reporter:: Hongxu Ma

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17/Jan/17 08:56

Updated:: 09/Feb/17 08:18

Resolved:: 19/Jan/17 06:12