ranger icon indicating copy to clipboard operation
ranger copied to clipboard

Published 20 hours ago verified publisher icon apache

RANGER-3298. Add coarse option for Hive URI permission check

Open symious opened this issue 4 years ago • 3 comments

In RangerHiveAuthorizer, the function of checkPrivileges will check the permission for the HivePrivilegeObject with FileUtils.isActionPermittedForFileHierarchy, and this method will check the permission for all the files under the related directory by default.

For a large table with thousands of files, this operation will take a long time, leading to breaking the SLA. Besides, in the default implementation of StorageBasedAuthorizationProvider in Hive, only the directories will be checked too.

This ticket is to add a config for users to do a coarse check for URI permission check.

symious avatar May 27 '21 16:05 symious

@rameeshm Could you have a look at this PR?

symious avatar Jun 10 '21 04:06 symious

@symious Could you please create a review request in https://reviews.apache.org/ against ranger project we shall review this and merge.

rameeshm avatar Nov 24 '21 04:11 rameeshm

@rameeshm Review request created. Please have a look. https://reviews.apache.org/r/73727/

symious avatar Nov 24 '21 08:11 symious