You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2021/01/06 22:52:44 UTC

Re: Review Request 73120: RANGER-3122: Support delegate-admin for specific permissions - Part 2

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73120/
-----------------------------------------------------------

(Updated Jan. 6, 2021, 10:52 p.m.)


Review request for ranger, Madhan Neethiraj and Ramesh Mani.


Summary (updated)
-----------------

RANGER-3122: Support delegate-admin for specific permissions - Part 2


Bugs: RANGER-3122
    https://issues.apache.org/jira/browse/RANGER-3122


Repository: ranger


Description
-------

Currently delegate-admin cannot be marked for specific permissions. It is all-or-nothing for the permissions defined in resource policy. Ranger should have ability for granting delegate-admin for specific permissions.

This patch ensures that rowfilter and datamask policies are filtered correctly for delegated-admin access.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java d868e397d 


Diff: https://reviews.apache.org/r/73120/diff/1/


Testing
-------

Tested with datamask and rowfilter policies filtering in a cluster


Thanks,

Abhay Kulkarni

Re: Review Request 73120: RANGER-3122: Support delegate-admin for specific permissions - Part 2

Posted by Ramesh Mani <rm...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73120/#review222412
-----------------------------------------------------------


Ship it!




Ship It!

- Ramesh Mani


On Jan. 6, 2021, 10:52 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73120/
> -----------------------------------------------------------
> 
> (Updated Jan. 6, 2021, 10:52 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-3122
>     https://issues.apache.org/jira/browse/RANGER-3122
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently delegate-admin cannot be marked for specific permissions. It is all-or-nothing for the permissions defined in resource policy. Ranger should have ability for granting delegate-admin for specific permissions.
> 
> This patch ensures that rowfilter and datamask policies are filtered correctly for delegated-admin access.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java d868e397d 
> 
> 
> Diff: https://reviews.apache.org/r/73120/diff/1/
> 
> 
> Testing
> -------
> 
> Tested with datamask and rowfilter policies filtering in a cluster
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 73120: RANGER-3122: Support delegate-admin for specific permissions - Part 2

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73120/#review222415
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On Jan. 6, 2021, 11:41 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73120/
> -----------------------------------------------------------
> 
> (Updated Jan. 6, 2021, 11:41 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-3122
>     https://issues.apache.org/jira/browse/RANGER-3122
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently delegate-admin cannot be marked for specific permissions. It is all-or-nothing for the permissions defined in resource policy. Ranger should have ability for granting delegate-admin for specific permissions.
> 
> This patch ensures that rowfilter and datamask policies are filtered correctly for delegated-admin access.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java d868e397d 
> 
> 
> Diff: https://reviews.apache.org/r/73120/diff/2/
> 
> 
> Testing
> -------
> 
> Tested with datamask and rowfilter policies filtering in a cluster
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 73120: RANGER-3122: Support delegate-admin for specific permissions - Part 2

Posted by Ramesh Mani <rm...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73120/#review222413
-----------------------------------------------------------


Ship it!




Ship It!

- Ramesh Mani


On Jan. 6, 2021, 11:41 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73120/
> -----------------------------------------------------------
> 
> (Updated Jan. 6, 2021, 11:41 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-3122
>     https://issues.apache.org/jira/browse/RANGER-3122
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently delegate-admin cannot be marked for specific permissions. It is all-or-nothing for the permissions defined in resource policy. Ranger should have ability for granting delegate-admin for specific permissions.
> 
> This patch ensures that rowfilter and datamask policies are filtered correctly for delegated-admin access.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java d868e397d 
> 
> 
> Diff: https://reviews.apache.org/r/73120/diff/2/
> 
> 
> Testing
> -------
> 
> Tested with datamask and rowfilter policies filtering in a cluster
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 73120: RANGER-3122: Support delegate-admin for specific permissions - Part 2

Posted by Abhay Kulkarni <ak...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73120/
-----------------------------------------------------------

(Updated Jan. 6, 2021, 11:41 p.m.)


Review request for ranger, Madhan Neethiraj and Ramesh Mani.


Changes
-------

Updated to remove reference to AUDIT policy type


Bugs: RANGER-3122
    https://issues.apache.org/jira/browse/RANGER-3122


Repository: ranger


Description
-------

Currently delegate-admin cannot be marked for specific permissions. It is all-or-nothing for the permissions defined in resource policy. Ranger should have ability for granting delegate-admin for specific permissions.

This patch ensures that rowfilter and datamask policies are filtered correctly for delegated-admin access.


Diffs (updated)
-----

  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java d868e397d 


Diff: https://reviews.apache.org/r/73120/diff/2/

Changes: https://reviews.apache.org/r/73120/diff/1-2/


Testing
-------

Tested with datamask and rowfilter policies filtering in a cluster


Thanks,

Abhay Kulkarni