Hi, I am using Spark 2.4.5 and Ranger 1.2.0, and built the submarine-spark-security plugin on commit 2ff3339 with mvn clean package -Dmaven.javadoc.skip=true -DskipTests -pl :submarine-spark-security -Pspark-2.4 -Pranger-1.2.
Upon creating a user in Ranger with no permissions (or in my case, precisely, I created an user in OpenLDAP, synced it via ranger-usersync, and did not assign any permissions for the new user), it is expected the user will get permission denied error (e.g. SparkAccessControlException) for all SQL operations (e.g. SELECT, INSERT, DROP).
However, the permission denial only works for SELECT & INSERT.
"DROP TABLE" was still allowed despite the user having no permissions at all, and the table was dropped as a result.
I am setting spark.sql.extensions=org.apache.submarine.spark.security.api.RangerSparkSQLExtensionif it matters. hive.server2.authentication is also set to LDAP in /spark/conf/hive-site.xml.
Hi, I am using Spark 2.4.5 and Ranger 1.2.0, and built the submarine-spark-security plugin on commit 2ff3339 with
mvn clean package -Dmaven.javadoc.skip=true -DskipTests -pl :submarine-spark-security -Pspark-2.4 -Pranger-1.2.Upon creating a user in Ranger with no permissions (or in my case, precisely, I created an user in OpenLDAP, synced it via ranger-usersync, and did not assign any permissions for the new user), it is expected the user will get permission denied error (e.g. SparkAccessControlException) for all SQL operations (e.g. SELECT, INSERT, DROP).
However, the permission denial only works for SELECT & INSERT.
"DROP TABLE" was still allowed despite the user having no permissions at all, and the table was dropped as a result.
I am setting
spark.sql.extensions=org.apache.submarine.spark.security.api.RangerSparkSQLExtensionif it matters.hive.server2.authenticationis also set toLDAPin /spark/conf/hive-site.xml.