  1. Apache HAWQ
  2. HAWQ-256 Integrate Security with Apache Ranger
  3. HAWQ-1396

HAWQ Sends Wrong Request to RPS for PXF Hcatalog


    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.2.0.0-incubating
    • Component/s: Security
    • Labels:
      None

      Description

      If Ranger mode is enabled, HAWQ sends the wrong request to RPS for PXF HCatalog.

      ```
      gpadmin=# select count(*) from hcatalog.default.twitterexampletextexample;
      ERROR: permission denied for relation(s): default.twitterexampletextexample
      ```

      RPS log:
      ```

      {"repoType":101,"repo":"hawq","reqUser":"gpadmin","evtTime":"2017-03-17 01:18:55.734","access":"select","resource":"gpadmin/default/twitterexampletextexample","resType":"table","action":"select","result":1,"policy":7,"enforcer":"ranger-acl","cliIP":"127.0.0.1","reqData":"select count(*) from hcatalog.default.twitterexampletextexample;","agentHost":"ip-10-32-126-158","logType":"RangerAudit","id":"b1d5137d-adc8-4196-a5e3-35912a43d243","seq_num":63,"event_count":1,"event_dur_ms":0,"tags":[]}

      ```

      Notice `"resource":"gpadmin/default/twitterexampletextexample"`, where gpadmin is my database name for the psql session. HAWQ should have sent `"resource":"hcatalog/default/twitterexampletextexample"` to RPS for the policy check.
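
A check for this mismatch in RPS audit output, as an added example that is not part of the original issue or the HAWQ code base: it compares the `resource` path of each table-level audit record with the three-part relation name in `reqData`. The function name, the sample records and the simple regex for three-part names are assumptions made for illustration.

```python
import json
import re

# Three-part relation name (catalog.schema.table) as written in the SQL text.
# Assumption: unquoted identifiers only; quoted names are not handled.
QUALIFIED = re.compile(r"\b([A-Za-z_]\w*)\.([A-Za-z_]\w*)\.([A-Za-z_]\w*)\b")

def mismatched_resources(audit_lines):
    """Return (audit id, resource sent, resource expected) for table-level
    RangerAudit records whose first path component disagrees with the
    catalog named in the statement text."""
    findings = []
    for line in audit_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # not an audit record (plain log text, blank line)
        if not isinstance(rec, dict):
            continue
        if rec.get("logType") != "RangerAudit" or rec.get("resType") != "table":
            continue
        parts = rec.get("resource", "").split("/")
        if len(parts) != 3:
            continue
        sent_db, sent_schema, sent_table = parts
        for db, schema, table in QUALIFIED.findall(rec.get("reqData", "")):
            # Same schema and table, different leading component: the policy
            # check ran against a resource the statement never referenced.
            if (schema, table) == (sent_schema, sent_table) and db != sent_db:
                findings.append(
                    (rec.get("id"), rec["resource"], f"{db}/{schema}/{table}")
                )
    return findings

# Constructed sample records, modelled on the audit line in this issue.
SQL = "select count(*) from hcatalog.default.twitterexampletextexample;"
SAMPLE = [
    json.dumps({"logType": "RangerAudit", "id": "constructed-1",
                "resource": "gpadmin/default/twitterexampletextexample",
                "resType": "table", "reqData": SQL}),
    json.dumps({"logType": "RangerAudit", "id": "constructed-2",
                "resource": "hcatalog/default/twitterexampletextexample",
                "resType": "table", "reqData": SQL}),
    "plain text line that is not JSON",
]

if __name__ == "__main__":
    for finding in mismatched_resources(SAMPLE):
        print("sent %s, expected %s (audit id %s)" % (finding[1], finding[2], finding[0]))
```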


              People

              • Assignee:
                wlin Wen Lin
                Reporter:
                wlin Wen Lin