Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-3298

Add coarse URI check for Hive Agent

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0, 2.3.0
    • plugins
    • None

    Description

      In `RangerHiveAuthorizer`, the function of `checkPrivileges` will check the permission for the `HivePrivilegeObject` with `FileUtils.isActionPermittedForFileHierarchy`, and this method will check the permission for all the files under the related directory by default.

      For a large table with thousands of files, this operation will take a long time, leading to breaking the SLA. Besides, in the default implementation of `StorageBasedAuthorizationProvider` in Hive, only the directories will be checked too. 

      This ticket is to add a config for users to do a coarse check for URI permission check. 

      Attachments

        Issue Links

          links to

          Web Link review request

          Activity

            People

              Unassigned Unassigned
              Symious Janus Chow
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m