You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2021/01/06 22:52:44 UTC
Re: Review Request 73120: RANGER-3122: Support delegate-admin for
specific permissions - Part 2
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73120/
-----------------------------------------------------------
(Updated Jan. 6, 2021, 10:52 p.m.)
Review request for ranger, Madhan Neethiraj and Ramesh Mani.
Summary (updated)
-----------------
RANGER-3122: Support delegate-admin for specific permissions - Part 2
Bugs: RANGER-3122
https://issues.apache.org/jira/browse/RANGER-3122
Repository: ranger
Description
-------
Currently delegate-admin cannot be marked for specific permissions. It is all-or-nothing for the permissions defined in resource policy. Ranger should have ability for granting delegate-admin for specific permissions.
This patch ensures that rowfilter and datamask policies are filtered correctly for delegated-admin access.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java d868e397d
Diff: https://reviews.apache.org/r/73120/diff/1/
Testing
-------
Tested with datamask and rowfilter policies filtering in a cluster
Thanks,
Abhay Kulkarni
Re: Review Request 73120: RANGER-3122: Support delegate-admin for
specific permissions - Part 2
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73120/#review222412
-----------------------------------------------------------
Ship it!
Ship It!
- Ramesh Mani
On Jan. 6, 2021, 10:52 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73120/
> -----------------------------------------------------------
>
> (Updated Jan. 6, 2021, 10:52 p.m.)
>
>
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
>
>
> Bugs: RANGER-3122
> https://issues.apache.org/jira/browse/RANGER-3122
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently delegate-admin cannot be marked for specific permissions. It is all-or-nothing for the permissions defined in resource policy. Ranger should have ability for granting delegate-admin for specific permissions.
>
> This patch ensures that rowfilter and datamask policies are filtered correctly for delegated-admin access.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java d868e397d
>
>
> Diff: https://reviews.apache.org/r/73120/diff/1/
>
>
> Testing
> -------
>
> Tested with datamask and rowfilter policies filtering in a cluster
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 73120: RANGER-3122: Support delegate-admin for
specific permissions - Part 2
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73120/#review222415
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Jan. 6, 2021, 11:41 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73120/
> -----------------------------------------------------------
>
> (Updated Jan. 6, 2021, 11:41 p.m.)
>
>
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
>
>
> Bugs: RANGER-3122
> https://issues.apache.org/jira/browse/RANGER-3122
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently delegate-admin cannot be marked for specific permissions. It is all-or-nothing for the permissions defined in resource policy. Ranger should have ability for granting delegate-admin for specific permissions.
>
> This patch ensures that rowfilter and datamask policies are filtered correctly for delegated-admin access.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java d868e397d
>
>
> Diff: https://reviews.apache.org/r/73120/diff/2/
>
>
> Testing
> -------
>
> Tested with datamask and rowfilter policies filtering in a cluster
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 73120: RANGER-3122: Support delegate-admin for
specific permissions - Part 2
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73120/#review222413
-----------------------------------------------------------
Ship it!
Ship It!
- Ramesh Mani
On Jan. 6, 2021, 11:41 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73120/
> -----------------------------------------------------------
>
> (Updated Jan. 6, 2021, 11:41 p.m.)
>
>
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
>
>
> Bugs: RANGER-3122
> https://issues.apache.org/jira/browse/RANGER-3122
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Currently delegate-admin cannot be marked for specific permissions. It is all-or-nothing for the permissions defined in resource policy. Ranger should have ability for granting delegate-admin for specific permissions.
>
> This patch ensures that rowfilter and datamask policies are filtered correctly for delegated-admin access.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java d868e397d
>
>
> Diff: https://reviews.apache.org/r/73120/diff/2/
>
>
> Testing
> -------
>
> Tested with datamask and rowfilter policies filtering in a cluster
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 73120: RANGER-3122: Support delegate-admin for
specific permissions - Part 2
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73120/
-----------------------------------------------------------
(Updated Jan. 6, 2021, 11:41 p.m.)
Review request for ranger, Madhan Neethiraj and Ramesh Mani.
Changes
-------
Updated to remove reference to AUDIT policy type
Bugs: RANGER-3122
https://issues.apache.org/jira/browse/RANGER-3122
Repository: ranger
Description
-------
Currently delegate-admin cannot be marked for specific permissions. It is all-or-nothing for the permissions defined in resource policy. Ranger should have ability for granting delegate-admin for specific permissions.
This patch ensures that rowfilter and datamask policies are filtered correctly for delegated-admin access.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java d868e397d
Diff: https://reviews.apache.org/r/73120/diff/2/
Changes: https://reviews.apache.org/r/73120/diff/1-2/
Testing
-------
Tested with datamask and rowfilter policies filtering in a cluster
Thanks,
Abhay Kulkarni