Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-7916

Support for Apache Ranger authorization provider

    XMLWordPrintableJSON

    Details

    • Type: Epic
    • Status: In Progress
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Impala 3.3.0
    • Component/s: Catalog, Frontend
    • Labels:
      None
    • Epic Name:
      ranger
    • Epic Color:
      ghx-label-6

      Description

      Currently Impala has no easy way to support other authorization providers since the code is very tightly coupled to Sentry. The purpose of this ticket is to provide support for pluggable authorization provider in Impala.

        Attachments

        1.
        Decouple Sentry from Impala Sub-task Resolved Fredy Wijaya
        2.
        Remove support for authorization policy file Sub-task Resolved Austin Nobis
        3.
        Impala Doc: Document Apache Ranger authorization provider Sub-task Closed Alex Rodoni
        4.
        Update Impala build infrastructure to support Apache Ranger Sub-task Resolved Fredy Wijaya
        5.
        Add support for Apache Ranger as an alternative authorization provider Sub-task Resolved Fredy Wijaya
        6.
        Implement GRANT/REVOKE privilege to USER Sub-task Resolved Austin Nobis
        7.
        Implement GRANT/REVOKE privilege to GROUP Sub-task Resolved Austin Nobis
        8.
        Support WITH GRANT OPTION with Ranger authorization provider Sub-task Resolved Austin Nobis
        9.
        Do not re-download Ranger if it is already downloaded Sub-task Resolved Fredy Wijaya
        10.
        Improve Ranger test coverage Sub-task Resolved Austin Nobis
        11.
        Implement SHOW GRANT USER <user> Sub-task Resolved Austin Nobis
        12.
        Implement SHOW GRANT GROUP <group> Sub-task Resolved Austin Nobis
        13.
        Misc clean-up after Sentry decoupling Sub-task Resolved Austin Nobis
        14.
        Support for Ranger cache invalidation with INVALIDATE METADATA or REFRESH AUTHORIZATION Sub-task Resolved Fredy Wijaya
        15.
        Use a more human-readable flag to switch to a different authorization provider Sub-task Resolved radford nguyen
        16.
        Update the Ranger minicluster with various fixes Sub-task Resolved Fredy Wijaya
        17.
        Disable column masking and row filtering Sub-task Resolved Fredy Wijaya
        18.
        Impala Doc: Remove support for authorization policy file Sub-task Closed Alex Rodoni
        19.
        Add test coverage for Ranger with catalog v2 (local catalog) mode Sub-task Resolved Fredy Wijaya
        20.
        Create database/table with Ranger throws UnsupportedOperationException Sub-task Resolved Austin Nobis
        21.
        Refactor Sentry admin user check Sub-task Resolved Fredy Wijaya
        22.
        Add support column-level permissions on views Sub-task Resolved Fredy Wijaya
        23.
        Implement Ranger audit event handler Sub-task Resolved Fredy Wijaya
        24.
        Impala Doc: Doc the column level permission on views Sub-task Closed Alex Rodoni
        25.
        Update Ranger minicluster with the one that supports "refresh" access type Sub-task Resolved Fredy Wijaya
        26.
        Impala Doc: Doc SHOW GRANT GROUP Sub-task Closed Alex Rodoni
        27.
        Include all ranger-audit-plugins runtime dependencies Sub-task Resolved Fredy Wijaya
        28.
        Impala Doc: Document GRANT/REVOKE privilege to USER Sub-task Closed Alex Rodoni
        29.
        Impala Doc: Document GRANT/REVOKE privilege to GROUP Sub-task Closed Alex Rodoni
        30.
        Add Solr into the Impala minicluster Sub-task Resolved Fredy Wijaya
        31.
        Refactor authorization code from AnalysisContext to AuthorizationChecker Sub-task Resolved Fredy Wijaya
        32.
        Make some unsupported SQL error messages to be more user friendly Sub-task Resolved Fredy Wijaya
        33.
        GRANT gives confusing error message Sub-task Resolved Fredy Wijaya
        34.
        Show inherited privileges in show grant w/ Ranger Sub-task In Progress Austin Nobis
        35.
        FIx revoke grant option behavior Sub-task Resolved Austin Nobis
        36.
        Confusing error messages in SHOW GRANT statements Sub-task Resolved Fredy Wijaya
        37.
        Log the SQL statement in Ranger audit log Sub-task Resolved Fredy Wijaya
        38.
        Populate required Ranger audit fields to be consistent with Hive Sub-task Resolved Fredy Wijaya
        39.
        Do not re-create a new instance of AuthorizationChecker with Ranger authorization Sub-task Resolved Fredy Wijaya
        40.
        Log a a group of privileges into a single audit event Sub-task Resolved Fredy Wijaya
        41.
        Update grammar for Ranger revoke grant option statement Sub-task Open Unassigned
        42.
        Batch the authorization requests to Ranger Sub-task Open Unassigned

          Activity

            People

            • Assignee:
              fredyw Fredy Wijaya
              Reporter:
              fredyw Fredy Wijaya
            • Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

              • Created:
                Updated: