[HAWQ-1396] HAWQ Sends Wrong Request to RPS for PXF Hcatalog - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.2.0.0-incubating
Component/s: Security
Labels:
None

Description

If Ranger mode is enable, HAWQ send wrong request to RPS for PXF Hcatalog.

gpadmin=# select count from hcatalog.default.twitterexampletextexample;
ERROR: permission denied for relation(s): default.twitterexampletextexample

RPS log:
```

{"repoType":101,"repo":"hawq","reqUser":"gpadmin","evtTime":"2017-03-17 01:18:55.734","access":"select","resource":"gpadmin/default/twitterexampletextexample","resType":"table","action":"select","result":1,"policy":7,"enforcer":"ranger-acl","cliIP":"127.0.0.1","reqData":"select count(*) from hcatalog.default.twitterexampletextexample;","agentHost":"ip-10-32-126-158","logType":"RangerAudit","id":"b1d5137d-adc8-4196-a5e3-35912a43d243","seq_num":63,"event_count":1,"event_dur_ms":0,"tags":[]}

```

Notice `resource":"gpadmin/default/twitterexampletextexample` where gpadmin is my database name for the psql session. HAWQ should have sent `resource":"hcatalog/default/twitterexampletextexample` to RPS for policy check.

Attachments

Issue Links

is duplicated by

HAWQ-1410 Add basic test case for hcatalog with ranger

Closed

links to

GitHub Pull Request #1180

GitHub Pull Request #1212

Activity

People

Assignee:: Wen Lin

Reporter:: Wen Lin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Mar/17 06:51

Updated:: 14/Apr/17 04:07

Resolved:: 28/Mar/17 09:26