You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2021/03/22 15:53:37 UTC
Re: Review Request 73245: RANGER-3218: User getting denied even after
having tag based policy.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73245/
-----------------------------------------------------------
(Updated March 22, 2021, 3:53 p.m.)
Review request for ranger and Madhan Neethiraj.
Changes
-------
Updated with Apache JIRA details
Summary (updated)
-----------------
RANGER-3218: User getting denied even after having tag based policy.
Bugs: RANGER-3218
https://issues.apache.org/jira/browse/RANGER-3218
Repository: ranger
Description
-------
Steps
1.Created a database "vehicle1" with table "cars" and inserted some data into table with hive user.
2.Tried to access "vehicle1" with user 'unixuser1' which will be denied since policy is not there.
select * from vehicle1.cars;
3.Created a tag "tag1" in Atlas and assigned to database (vehicle1)
4.Created a unzone policy for "tag1" in cm_tag and gave permission to "unixuser1".
5.Again tried to access the data with user 'unixuser1' but still it is getting denied after having policy for the resource.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java 9d7952028
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java df93bd55e
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java fda57f947
agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java c3d7816fa
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java fd5b1471e
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ec788afc8
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 838184271
security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 09d3beac2
Diff: https://reviews.apache.org/r/73245/diff/1/
Testing (updated)
-------
Passed all unit tests.
Verified that tag policy is applied correctly in the step 5 described in the scenario in the description.
Thanks,
Abhay Kulkarni