You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by ab...@apache.org on 2023/06/16 17:52:14 UTC

[ranger] branch master updated: RANGER-4291: If a ROW_FILTER type policy resources match, then an audit log record with Result=Denied is created

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 0e80fc804 RANGER-4291: If a ROW_FILTER type policy resources match, then an audit log record with Result=Denied is created
0e80fc804 is described below

commit 0e80fc804f1a3e6d746e6334382fedb91dbf072d
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Fri Jun 16 10:52:05 2023 -0700

    RANGER-4291: If a ROW_FILTER type policy resources match, then an audit log record with Result=Denied is created
---
 .../authorization/hive/authorizer/RangerHiveAuditHandler.java       | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
index af991962f..b8de775e5 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
@@ -151,9 +151,9 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler {
 		int                  policyType = result.getPolicyType();
 
 		if (policyType == RangerPolicy.POLICY_TYPE_DATAMASK && result.isMaskEnabled()) {
-		    ret = createAuditEvent(result, result.getMaskType(), resourcePath);
-        } else if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
-            ret = createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath);
+			ret = createAuditEvent(result, result.getMaskType(), resourcePath);
+		} else if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER && result.isRowFilterEnabled()) {
+			ret = createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath );
 		} else if (policyType == RangerPolicy.POLICY_TYPE_ACCESS) {
 			String accessType = null;