XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.2.0.0-incubating
    • Security
    • None

    Description

      If Ranger mode is enable, HAWQ send wrong request to RPS for PXF Hcatalog.

      gpadmin=# select count from hcatalog.default.twitterexampletextexample;
      ERROR: permission denied for relation(s): default.twitterexampletextexample

      RPS log:
      ```

      {"repoType":101,"repo":"hawq","reqUser":"gpadmin","evtTime":"2017-03-17 01:18:55.734","access":"select","resource":"gpadmin/default/twitterexampletextexample","resType":"table","action":"select","result":1,"policy":7,"enforcer":"ranger-acl","cliIP":"127.0.0.1","reqData":"select count(*) from hcatalog.default.twitterexampletextexample;","agentHost":"ip-10-32-126-158","logType":"RangerAudit","id":"b1d5137d-adc8-4196-a5e3-35912a43d243","seq_num":63,"event_count":1,"event_dur_ms":0,"tags":[]}

      ```

      Notice `resource":"gpadmin/default/twitterexampletextexample` where gpadmin is my database name for the psql session. HAWQ should have sent `resource":"hcatalog/default/twitterexampletextexample` to RPS for policy check.

      Attachments

        Issue Links

          Activity

            People

              wlin Wen Lin
              wlin Wen Lin
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: