Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Not A Problem
Description
We are trying to grant database connect and schema usage privileges to a non-superuser so that it can connect to the database. We find that if we set a policy with the database and schema included but the table excluded, we cannot connect to the database. But if we include the table, we can connect to the database. We think there may be a bug in Ranger Plugin Service or Ranger. Here are the steps to reproduce it.
1. Create a new user "usertest1" in the database:
$ psql postgres
psql (8.2.15)
Type "help" for help.
postgres=# CREATE USER usertest1;
NOTICE: resource queue required -- using default resource queue "pg_default"
CREATE ROLE
postgres=#
2. Add user "usertest1" to pg_hba.conf:
local all usertest1 trust
3. Set a policy with the database and schema included and the table excluded.
4. Connect to the database as user "usertest1"; this fails with permission denied:
$ psql postgres -U usertest1
psql: FATAL: permission denied for database "postgres"
DETAIL: User does not have CONNECT privilege.
5. Set a policy with the database, schema and table included.
6. Connect to the database as user "usertest1"; this succeeds:
$ psql postgres -U usertest1
psql (8.2.15)
Type "help" for help.
postgres=#
But if we do not set the table to "*" and instead specify a table such as "a", we cannot access the database either.