You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Madhan Neethiraj <ma...@apache.org> on 2015/09/09 00:59:04 UTC

Review Request 38192: RANGER-606: RangerPolicy enhanced to support new policy-items for deny/allowExceptions/denyExceptions

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38192/
-----------------------------------------------------------

Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Ramesh Mani, and Velmurugan Periasamy.


Bugs: RANGER-606
    https://issues.apache.org/jira/browse/RANGER-606


Repository: ranger


Description
-------

Updated Ranger policy model to support policy-items of type deny/allowExceptions/denyExceptions. This will allow creation of policies that explicitly deny access to users/groups based on specified conditions. Allow-exceptions and deny-exceptions enable excluding certain users/groups from allow/deny which could have been specified for a wider group.


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 19c2b50 
  agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java da817c6 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java 9bc43c7 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java c7d2a28 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 96fddde 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java 1308e63 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyItemEvaluator.java 45fce94 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 9c63089 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 6f8faff 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 9fa20cd 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 624ff1c 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java e91d5d1 
  agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java 772c2d7 
  agents-common/src/test/resources/policyengine/test_policyengine_hbase.json de9c130 
  agents-common/src/test/resources/policyengine/test_policyengine_hive_mutex_conditions.json 9c29cfd 
  agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json 454cf51 
  agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json f071cdc 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java cccea3e 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java fd9fc3d 
  security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java 224f0cd 
  security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b76a0ed 
  security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java 35e9f98 
  security-admin/src/main/webapp/scripts/models/RangerPolicy.js 3546549 
  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js ba986f9 
  security-admin/src/main/webapp/scripts/utils/XAUtils.js d0d62a2 
  security-admin/src/main/webapp/scripts/views/policies/PermissionList.js efc5377 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js d969c37 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js 6d7f3d7 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js eaaf273 
  security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js 3979ea2 
  security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js 9c4fb3f 
  security-admin/src/main/webapp/templates/policies/PermissionItem.html 63375c9 
  security-admin/src/main/webapp/templates/policies/PermissionList.html 070b908 
  security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html 4a6533b 
  security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html 1185980 
  security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDeleteDiff_tmpl.html ad7a07d 
  security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html fc697db 
  security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html 1a43c98 
  security-admin/src/test/java/org/apache/ranger/service/TestRangerPolicyService.java bac5261 

Diff: https://reviews.apache.org/r/38192/diff/


Testing
-------

- Verified that existing unit tests pass successfully.


Thanks,

Madhan Neethiraj