[Enhancement] Support column access privilege for Ranger #47702

HangyuanLiu · 2024-07-01T11:21:37Z

Why I'm doing:

What I'm doing:

Fixes #issue

What type of PR is this:

Does this PR entail a change in behavior?

Yes, this PR will result in a change in behavior.
No, this PR will not result in a change in behavior.

If yes, please specify the type of change:

Interface/UI changes: syntax, type conversion, expression evaluation, display information
Parameter changes: default values, similar parameters but with different default values
Policy changes: use new policy to replace old one, functionality automatically enabled
Feature removed
Miscellaneous: upgrade & downgrade compatibility, etc.

Checklist:

I have added test cases for my bug fix or my new feature
This pr needs user documentation (for new or modified features or behaviors)
- I have added documentation for my new feature or new function
This is a backport pr

Bugfix cherry-pick branch check:

Signed-off-by: HangyuanLiu <460660596@qq.com>

sonarqubecloud · 2024-07-02T13:17:42Z

Quality Gate passed

Issues
6 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

github-actions · 2024-07-02T15:16:06Z

[FE Incremental Coverage Report]

❌ fail : 73 / 142 (51.41%)

file detail

	path	covered_line	new_line	coverage	not_covered_line_detail
🔵	com/starrocks/privilege/ranger/hive/RangerHiveAccessController.java	0	6	00.00%	[82, 83, 84, 85, 86, 88]
🔵	com/starrocks/privilege/ranger/starrocks/RangerStarRocksAccessController.java	0	7	00.00%	[153, 154, 155, 156, 157, 158, 160]
🔵	com/starrocks/privilege/ColumnPrivilege.java	53	109	48.62%	[54, 65, 78, 80, 82, 83, 85, 86, 87, 88, 89, 90, 91, 93, 98, 99, 101, 103, 104, 105, 106, 107, 108, 109, 110, 160, 161, 162, 163, 167, 168, 169, 170, 175, 176, 177, 179, 180, 183, 184, 185, 186, 187, 188, 208, 209, 210, 211, 216, 217, 218, 219, 224, 225, 226, 227]
🔵	com/starrocks/sql/analyzer/AuthorizerStmtVisitor.java	19	19	100.00%	[]
🔵	com/starrocks/sql/StatementPlanner.java	1	1	100.00%	[]

github-actions · 2024-07-02T15:16:10Z

[BE Incremental Coverage Report]

✅ pass : 0 / 0 (0%)

Seaven

LGTM，but I don't think run the whole optimization process is a good design

nshangyiming · 2024-07-03T06:49:55Z

conf/ranger/ranger-servicedef-starrocks.json

@@ -141,7 +141,6 @@
      "label": "StarRocks View",
      "description": "StarRocks View",
      "accessTypeRestrictions": [
-        "select",


table needs to delete select

nshangyiming · 2024-07-03T06:50:05Z

.../src/main/java/com/starrocks/privilege/ranger/starrocks/RangerStarRocksAccessController.java

@@ -147,6 +147,18 @@ public void checkAnyActionOnAnyTable(UserIdentity currentUser, Set<Long> roleIds
        throw new AccessDeniedException();
    }

+    @Override
+    public void checkColumnsAction(UserIdentity currentUser, Set<Long> roleIds, TableName tableName,


Suggested change

public void checkColumnsAction(UserIdentity currentUser, Set<Long> roleIds, TableName tableName,

public void checkColumnAction(UserIdentity currentUser, Set<Long> roleIds, TableName tableName,

github-actions · 2024-07-03T07:27:06Z

@Mergifyio backport branch-3.3

github-actions · 2024-07-03T07:27:08Z

@Mergifyio backport branch-3.2

mergify · 2024-07-03T07:27:16Z

backport branch-3.3

✅ Backports have been created

#47793 [Enhancement] Support column access privilege for Ranger (backport #47702) has been created for branch branch-3.3 but encountered conflicts

mergify · 2024-07-03T07:27:17Z

backport branch-3.2

✅ Backports have been created

#47794 [Enhancement] Support column access privilege for Ranger (backport #47702) has been created for branch branch-3.2 but encountered conflicts

Signed-off-by: HangyuanLiu <460660596@qq.com> (cherry picked from commit ba567ce) # Conflicts: # fe/fe-core/src/main/java/com/starrocks/sql/analyzer/AuthorizerStmtVisitor.java

Signed-off-by: HangyuanLiu <460660596@qq.com> (cherry picked from commit ba567ce) # Conflicts: # fe/fe-core/src/main/java/com/starrocks/privilege/AccessController.java # fe/fe-core/src/main/java/com/starrocks/sql/analyzer/Authorizer.java # fe/fe-core/src/main/java/com/starrocks/sql/analyzer/AuthorizerStmtVisitor.java # fe/fe-core/src/test/java/com/starrocks/sql/analyzer/PrivilegeCheckerTest.java

Signed-off-by: HangyuanLiu <460660596@qq.com> (cherry picked from commit ba567ce) # Conflicts: # fe/fe-core/src/main/java/com/starrocks/sql/analyzer/AuthorizerStmtVisitor.java

Signed-off-by: HangyuanLiu <460660596@qq.com> (cherry picked from commit ba567ce) # Conflicts: # fe/fe-core/src/main/java/com/starrocks/privilege/AccessController.java # fe/fe-core/src/main/java/com/starrocks/sql/analyzer/Authorizer.java # fe/fe-core/src/main/java/com/starrocks/sql/analyzer/AuthorizerStmtVisitor.java # fe/fe-core/src/test/java/com/starrocks/sql/analyzer/PrivilegeCheckerTest.java

Signed-off-by: HangyuanLiu <460660596@qq.com> (cherry picked from commit ba567ce) # Conflicts: # fe/fe-core/src/main/java/com/starrocks/sql/analyzer/AuthorizerStmtVisitor.java

…7702) (#47793) Co-authored-by: Harbor Liu <460660596@qq.com>

…7702) (#47794) Co-authored-by: Harbor Liu <460660596@qq.com>

HangyuanLiu requested review from a team as code owners July 1, 2024 11:21

mergify bot assigned HangyuanLiu Jul 1, 2024

github-actions bot added 3.3 3.2 behavior_changed labels Jul 1, 2024

HangyuanLiu force-pushed the 0701-col-pri branch 6 times, most recently from aab12dd to 8603f5d Compare July 2, 2024 07:12

Support column access privilege for Ranger

f77f03b

Signed-off-by: HangyuanLiu <460660596@qq.com>

HangyuanLiu force-pushed the 0701-col-pri branch from 8603f5d to f77f03b Compare July 2, 2024 13:08

Seaven approved these changes Jul 3, 2024

View reviewed changes

nshangyiming reviewed Jul 3, 2024

View reviewed changes

nshangyiming approved these changes Jul 3, 2024

View reviewed changes

wanpengfei-git merged commit ba567ce into StarRocks:main Jul 3, 2024
54 of 56 checks passed

github-actions bot removed the 3.3 label Jul 3, 2024

github-actions bot removed the 3.2 label Jul 3, 2024

This was referenced Jul 3, 2024

[Enhancement] Support column access privilege for Ranger (backport #47702) #47793

Merged

[Enhancement] Support column access privilege for Ranger (backport #47702) #47794

Merged

wanpengfei-git pushed a commit that referenced this pull request Jul 3, 2024

[Enhancement] Support column access privilege for Ranger (backport #4…

732a006

…7702) (#47793) Co-authored-by: Harbor Liu <460660596@qq.com>

github-actions bot added the 3.3-merged label Jul 3, 2024

wanpengfei-git pushed a commit that referenced this pull request Jul 3, 2024

[Enhancement] Support column access privilege for Ranger (backport #4…

8be4fa9

…7702) (#47794) Co-authored-by: Harbor Liu <460660596@qq.com>

github-actions bot added the 3.2-merged label Jul 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Enhancement] Support column access privilege for Ranger #47702

[Enhancement] Support column access privilege for Ranger #47702

HangyuanLiu commented Jul 1, 2024 •

edited

Loading

sonarqubecloud bot commented Jul 2, 2024

github-actions bot commented Jul 2, 2024

github-actions bot commented Jul 2, 2024

Seaven left a comment •

edited

Loading

nshangyiming Jul 3, 2024

nshangyiming Jul 3, 2024

github-actions bot commented Jul 3, 2024

github-actions bot commented Jul 3, 2024

mergify bot commented Jul 3, 2024 •

edited

Loading

mergify bot commented Jul 3, 2024 •

edited

Loading

	public void checkColumnsAction(UserIdentity currentUser, Set<Long> roleIds, TableName tableName,
	public void checkColumnAction(UserIdentity currentUser, Set<Long> roleIds, TableName tableName,

[Enhancement] Support column access privilege for Ranger #47702

[Enhancement] Support column access privilege for Ranger #47702

Conversation

HangyuanLiu commented Jul 1, 2024 • edited Loading

Why I'm doing:

What I'm doing:

What type of PR is this:

Checklist:

Bugfix cherry-pick branch check:

sonarqubecloud bot commented Jul 2, 2024

Quality Gate passed

github-actions bot commented Jul 2, 2024

[FE Incremental Coverage Report]

file detail

github-actions bot commented Jul 2, 2024

[BE Incremental Coverage Report]

Seaven left a comment • edited Loading

Choose a reason for hiding this comment

nshangyiming Jul 3, 2024

Choose a reason for hiding this comment

nshangyiming Jul 3, 2024

Choose a reason for hiding this comment

github-actions bot commented Jul 3, 2024

github-actions bot commented Jul 3, 2024

mergify bot commented Jul 3, 2024 • edited Loading

✅ Backports have been created

mergify bot commented Jul 3, 2024 • edited Loading

✅ Backports have been created

HangyuanLiu commented Jul 1, 2024 •

edited

Loading

Seaven left a comment •

edited

Loading

mergify bot commented Jul 3, 2024 •

edited

Loading

mergify bot commented Jul 3, 2024 •

edited

Loading