You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2023/06/16 17:52:14 UTC
[ranger] branch master updated: RANGER-4291: If a ROW_FILTER type policy resources match, then an audit log record with Result=Denied is created
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 0e80fc804 RANGER-4291: If a ROW_FILTER type policy resources match, then an audit log record with Result=Denied is created
0e80fc804 is described below
commit 0e80fc804f1a3e6d746e6334382fedb91dbf072d
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Fri Jun 16 10:52:05 2023 -0700
RANGER-4291: If a ROW_FILTER type policy resources match, then an audit log record with Result=Denied is created
---
.../authorization/hive/authorizer/RangerHiveAuditHandler.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
index af991962f..b8de775e5 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
@@ -151,9 +151,9 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler {
int policyType = result.getPolicyType();
if (policyType == RangerPolicy.POLICY_TYPE_DATAMASK && result.isMaskEnabled()) {
- ret = createAuditEvent(result, result.getMaskType(), resourcePath);
- } else if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
- ret = createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath);
+ ret = createAuditEvent(result, result.getMaskType(), resourcePath);
+ } else if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER && result.isRowFilterEnabled()) {
+ ret = createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath );
} else if (policyType == RangerPolicy.POLICY_TYPE_ACCESS) {
String accessType = null;