Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-4708

Grant/revoke commands honoured by Ranger policy

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Ranger
    • None

    Description

      STEPS TO REPRODUCE:
      Create table t1 in hive
      As user u1, perform invoke grant/revoke commands via hive beeline for table t1
      Inspect access audit logs corresponding to grant/revoke operations
      User u1 can have admin or USER role on ranger side.

      CURRENT BEHAVIOUR:
      Logs show that the grant or revoke operation is allowed by default ranger-hive policy 'default database tables columns' (public group has create permissions on resource=[default/*/*])

      EXPECTED BEHAVIOUR:
      Grant/Revoke operations are admin operations and should be performed by a user having admin role on ranger side. The permissions shouldnot not be granted via ranger policy

      Attachments

        Activity

          People

            Unassigned Unassigned
            suja suja s
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: