apache / submarine

Submarine is Cloud Native Machine Learning Platform.
https://submarine.apache.org/
Apache License 2.0
697 stars, 253 forks

[Submarine Spark Security] "Drop Table" Access Control Bypassed / Ignored #442

Closed atomeel closed 2 years ago

atomeel commented 3 years ago

Hi, I am using Spark 2.4.5 and Ranger 1.2.0, and built the submarine-spark-security plugin on commit 2ff3339 with mvn clean package -Dmaven.javadoc.skip=true -DskipTests -pl :submarine-spark-security -Pspark-2.4 -Pranger-1.2.

Upon creating a user in Ranger with no permissions (or in my case, precisely, I created a user in OpenLDAP, synced it via ranger-usersync, and did not assign any permissions for the new user), it is expected that the user will get a permission denied error (e.g. SparkAccessControlException) for all SQL operations (e.g. SELECT, INSERT, DROP).

However, the permission denial only works for SELECT & INSERT. "DROP TABLE" was still allowed despite the user having no permissions at all, and the table was dropped as a result.

I am setting spark.sql.extensions=org.apache.submarine.spark.security.api.RangerSparkSQLExtension, if it matters. hive.server2.authentication is also set to LDAP in /spark/conf/hive-site.xml.

pingsutw commented 3 years ago

cc @xunliu

yaooqinn commented 3 years ago

Would you mind creating a PR to fix this, @atomeel?

chenghm commented 2 years ago

Have you solved the problem? @atomeel @yaooqinn

chenghm commented 2 years ago

I have fixed this problem locally, but I found that this model has been removed. Where do I submit the pull request?

@yaooqinn

chenghm commented 2 years ago

Besides the drop table permission problem, there are also insert and alter table permission problems.

yaooqinn commented 2 years ago

We will maintain this module in apache/incubator-kyuubi later. Currently, we haven't finished the initial setup yet. Would you like to help?

chenghm commented 2 years ago

OK

xiaolan-bit commented 10 months ago

Are there any solutions in this case now? I found the same question now.

xiaolan-bit commented 10 months ago

ranger-2.3.0 hive-3.1.3 hdfs-3.3.6