[jira] [Commented] (HIVE-21833) Ranger Authorization in Hive based on object ownership

Hive QA (JIRA) Wed, 12 Jun 2019 06:57:38 -0700


    [ 
https://issues.apache.org/jira/browse/HIVE-21833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16862122#comment-16862122
 ]


Hive QA commented on HIVE-21833:
--------------------------------



Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12971503/HIVE-21833.8.patch

{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.

{color:red}ERROR:{color} -1 due to 45 failed/errored test(s), 16021 tests 
executed
*Failed tests:*
{noformat}
TestDataSourceProviderFactory - did not produce a TEST-*.xml file (likely timed 
out) (batchId=232)
TestObjectStore - did not produce a TEST-*.xml file (likely timed out) 
(batchId=232)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_addpartition]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_alter_db_owner]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_alter_db_owner_default]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_alter_drop_ptn]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_alter_table_exchange_partition_fail2]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_alter_table_exchange_partition_fail]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_create_macro1]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_create_tbl]
 (batchId=102)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_create_view]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_createview]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_ctas2]
 (batchId=102)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_ctas]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_delete_nodeletepriv]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_desc_table_nosel]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_drop_db_cascade]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_drop_db_empty]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_droppartition]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_explain]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_insert_noinspriv]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_insert_noselectpriv]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_insertoverwrite_nodel]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_insertpart_noinspriv]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_msck]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_not_owner_alter_tab_rename]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_not_owner_alter_tab_serdeprop]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_not_owner_drop_tab2]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_not_owner_drop_tab]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_not_owner_drop_view]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_rolehierarchy_privs]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_select]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_select_view]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_show_columns]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_show_parts_nosel]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_truncate]
 (batchId=102)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_truncate_2]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[authorization_update_noupdatepriv]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_create_no_grant]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_create_no_select_perm]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_drop_other]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_no_select_perm]
 (batchId=101)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_rebuild_no_grant]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[materialized_view_authorization_rebuild_other]
 (batchId=100)
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testCliDriver[temp_table_authorize_create_tbl]
 (batchId=100)
{noformat}

Test results: 
https://builds.apache.org/job/PreCommit-HIVE-Build/17536/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/17536/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-17536/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 45 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12971503 - PreCommit-HIVE-Build

> Ranger Authorization in Hive based on object ownership
> ------------------------------------------------------
>
>                 Key: HIVE-21833
>                 URL: https://issues.apache.org/jira/browse/HIVE-21833
>             Project: Hive
>          Issue Type: New Feature
>          Components: HiveServer2
>            Reporter: Sam An
>            Assignee: Sam An
>            Priority: Major
>         Attachments: HIVE-21833.1.patch, HIVE-21833.2.patch, 
> HIVE-21833.6.patch, HIVE-21833.7.patch, HIVE-21833.8.patch
>
>
> Background: Currently Hive Authorizer for Ranger does not provide owner 
> information for Hive objects as part of AuthZ calls. This has resulted in 
> gaps with respect to Sentry AuthZ and customers/partners cannot leverage 
> privileges for owners in their authorization model.
>  
> User Story: As an enterprise security admin, I need to be able to set 
> privileges based on Hive object ownership for setting up access controls in 
> Ranger so that I can provide appropriate protections and permissions for my 
> enterprise users.
>  
> Acceptance criteria:
> 1) Owner information is available in Hive -Ranger AuthZ calls 
> 2) Ranger admin users can use owner information to set policies based on 
> object ownership in Ranger UI and APIs
> 3) OWNER Macro based policies continue to work for Hive objects



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (HIVE-21833) Ranger Authorization in Hive based on object ownership

Reply via email to