Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-21833

Ranger Authorization in Hive based on object ownership

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0.0
    • Component/s: HiveServer2
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      Background: Currently Hive Authorizer for Ranger does not provide owner information for Hive objects as part of AuthZ calls. This has resulted in gaps with respect to Sentry AuthZ and customers/partners cannot leverage privileges for owners in their authorization model.

       

      User Story: As an enterprise security admin, I need to be able to set privileges based on Hive object ownership for setting up access controls in Ranger so that I can provide appropriate protections and permissions for my enterprise users.

       

      Acceptance criteria:

      1) Owner information is available in Hive -Ranger AuthZ calls 

      2) Ranger admin users can use owner information to set policies based on object ownership in Ranger UI and APIs

      3) OWNER Macro based policies continue to work for Hive objects

        Attachments

        1. HIVE-21833.9.patch
          15 kB
          Sam An
        2. HIVE-21833.8.patch
          15 kB
          Sam An
        3. HIVE-21833.7.patch
          15 kB
          Sam An
        4. HIVE-21833.6.patch
          58 kB
          Sam An
        5. HIVE-21833.2.patch
          50 kB
          Sam An
        6. HIVE-21833.1.patch
          8 kB
          Sam An

          Issue Links

            Activity

              People

              • Assignee:
                samuelan Sam An
                Reporter:
                samuelan Sam An
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved: