We try to grant database connect and schema usage privileges to a non-super user to connect database. We find that if we set policy with database and schema included, but with table excluded, we can not connect database. But if we include table, we can connect to database. We think there may be bug in Ranger Plugin Service or Ranger. Here are steps to reproduce it.
1. create a new user "usertest1" in database:
2. add user "usertest1" in pg_hba.conf
3. set policy with database and schema included, with table excluded
4. connect database with user "usertest1" but failed with permission denied
5. set policy with database, schema and table included
6. connect database with user "usertest1" and succeed
But if we do not set table as "*", and specify table like "a", we can not access database either.