You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2021/03/22 15:53:37 UTC

Re: Review Request 73245: RANGER-3218: User getting denied even after having tag based policy.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73245/
-----------------------------------------------------------

(Updated March 22, 2021, 3:53 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
-------

Updated with Apache JIRA details


Summary (updated)
-----------------

RANGER-3218: User getting denied even after having tag based policy.


Bugs: RANGER-3218
    https://issues.apache.org/jira/browse/RANGER-3218


Repository: ranger


Description
-------

Steps
1.Created a database "vehicle1" with table "cars" and inserted some data into table with hive user.
2.Tried to access "vehicle1" with user 'unixuser1' which will be denied since policy is not there.

select * from vehicle1.cars;
3.Created a tag "tag1" in Atlas and assigned to database (vehicle1)
4.Created a unzone policy for "tag1" in cm_tag and gave permission to "unixuser1".
5.Again tried to access the data with user 'unixuser1' but still it is getting denied after having policy for the resource.


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java 9d7952028 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java df93bd55e 
  agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java fda57f947 
  agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java c3d7816fa 
  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java fd5b1471e 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ec788afc8 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 838184271 
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 09d3beac2 


Diff: https://reviews.apache.org/r/73245/diff/1/


Testing (updated)
-------

Passed all unit tests.
Verified that tag policy is applied correctly in the step 5 described in the scenario in the description.


Thanks,

Abhay Kulkarni