Open
Description
Describe the proposal
Currently, Gravitino 0.6.x implements Ranger authorization Hive API interface and pushdown privilege to Ranger service.
Next step, We'll let Ranger authorize Hive production available.
Task list
- [Improvement] Filter Catalog securiable object in authorization Ranger #5106
- [Improvement] Upper-layer metadata sets lower-layer privilege #5116
- [Subtask] Ranger plugin needs to supports federated data source #5119
- [Subtask] Ranger plugin should support rename operation #5124
- [Subtask] Consistency of failure of the underlying system for operational authorization #4620
- [Subtask] Ignore privileges in RangerAuthorization that are not supported #4617
- [Subtask] Support select table privilege from catalog/metalake in the RangerAuthorization #4616
- [Subtask] Support deny privilege in the RangerAuthorizationPlugin #4614
- [Subtask] Create a role, delete a role and recreate a role, it will throw an exception #5129
- [Subtask] Fail to delete the role for the authorization plugin #5130
- [Subtask] The owner of catalog/metalake should have all the privileges of schemas/tables #5135
- [Subtask] Delete a securable object, we should delete the owner and roles on this securable object #5146
- [Subtask] Can't read or write tables #5151
- [Improvement] Refactor RangerSecurableObject class #5196
- [Subtask] Add more integration tests for the access control #5180
- [Subtask] Remove MANAGED_BY_GRAVITINO limit #5336
- [Subtask] Throw AuthorizationPluginException in the authorization plugin #5364
Activity