RANGER-2763

Hive SET Role command in Ranger hive plugin


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.1.0
    • Ranger
    • None

    Description

      https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization#SQLStandardBasedHiveAuthorization-UsersandRoles

      The page linked above describes a "SET ROLE" command, which does not seem to be implemented yet in the Ranger Hive plugin:

      https://github.com/apache/ranger/blob/master/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java#L104

       

      If the Ranger Hive plugin is enabled, executing "set role" throws a "method not implemented" exception, probably due to:

      https://github.com/apache/ranger/blob/master/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerBase.java#L155

       

      Expected behavior after the patch:

      Use case without Ranger ACLs:

      1) Create two roles, say role1 and role2.

      2) Create one table, table1, and insert a record.

      3) Grant select on table1 to role1 and insert on table1 to role2.

      4) Create user testuser1 and give both role1 and role2 to user testuser1.

      5) Log in as user testuser1 and set the role to role1 using the set role command.

      6) Execute a SQL statement to select the records: since role1 has the select grant, the user will be able to view the records.

      7) Execute an insert statement to add a record: since role1 does not have insert privileges and the user has set the current role to only role1, he would not be able to insert the records.

      8) Now run the set role command and set the role to role2.

      9) Execute an insert statement to add a record: since role2 has insert privileges and the user has set the current role to only role2, he would be able to insert the records.

      10) Execute a SQL statement to select the records: since role2 does not have select permissions, the user will not be able to view the records.

      11) Log out, log in again as the same user and execute the show current role command; both roles should be displayed.
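
The steps above written out as HiveQL, as an added example that is not part of the original issue or the Ranger patch. It assumes SQL-standard grants only (no Ranger policy covering table1), an administrator who holds the admin role, and a constructed two-column layout for table1.

```sql
-- Session 1: an administrator who has been granted the admin role
SET ROLE ADMIN;
CREATE ROLE role1;                              -- step 1
CREATE ROLE role2;
CREATE TABLE table1 (id INT, name STRING);      -- step 2 (columns are constructed)
INSERT INTO table1 VALUES (1, 'first');
GRANT SELECT ON TABLE table1 TO ROLE role1;     -- step 3
GRANT INSERT ON TABLE table1 TO ROLE role2;
-- step 4: Hive has no CREATE USER statement; testuser1 must already exist
-- in whatever backend authenticates HiveServer2 connections.
GRANT role1, role2 TO USER testuser1;

-- Session 2: connected as testuser1
SET ROLE role1;                                 -- step 5
SHOW CURRENT ROLES;                             -- role1 listed, role2 not listed
SELECT * FROM table1;                           -- step 6: expected to succeed
INSERT INTO table1 VALUES (2, 'second');        -- step 7: expected to be denied

SET ROLE role2;                                 -- step 8
SHOW CURRENT ROLES;                             -- role2 listed, role1 not listed
INSERT INTO table1 VALUES (2, 'second');        -- step 9: expected to succeed
SELECT * FROM table1;                           -- step 10: expected to be denied

-- Session 3: a fresh connection as testuser1
SHOW CURRENT ROLES;                             -- step 11: role1 and role2 both listed
```

The two denied statements (steps 7 and 10) are the checks that show SET ROLE actually narrows the session's privileges rather than only changing what SHOW CURRENT ROLES reports.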

            People

              pradeep Pradeep Agrawal
              pradeep Pradeep Agrawal