You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Alok Lal <al...@hortonworks.com> on 2015/06/03 08:17:15 UTC
Review Request 34985: RANGER-524 hbase shell list command should
prune the list of tables returned based on user's access
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34985/
-----------------------------------------------------------
Review request for ranger and Madhan Neethiraj.
Bugs: RANGER-524
https://issues.apache.org/jira/browse/RANGER-524
Repository: ranger
Description
-------
hbase shell list command should prune the list of tables returned based on user's access.
Diffs
-----
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java 46ed758
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 3a67dd9
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessorBase.java b9076b0
Diff: https://reviews.apache.org/r/34985/diff/
Testing
-------
Access
- List is pruned if user has access to part of tables.
- all tables returned to super-user and users with full access.
- List is pruned down to empty for users with no access. No error returned.
- list <table-name> comes back empty in case of no access or returns that table in case of access
- list <reg-ex> comes back with appropriate matching tables
Audit
- Each table successfully returned by list command is logged for all users (including super-users) if auditing is turned on.
- Single audit logged for each table returned to the user.
- No negative logging for tables that are denied.
Thanks,
Alok Lal
Re: Review Request 34985: RANGER-524 hbase shell list command should
prune the list of tables returned based on user's access
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34985/#review86365
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On June 3, 2015, 6:17 a.m., Alok Lal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34985/
> -----------------------------------------------------------
>
> (Updated June 3, 2015, 6:17 a.m.)
>
>
> Review request for ranger and Madhan Neethiraj.
>
>
> Bugs: RANGER-524
> https://issues.apache.org/jira/browse/RANGER-524
>
>
> Repository: ranger
>
>
> Description
> -------
>
> hbase shell list command should prune the list of tables returned based on user's access.
>
>
> Diffs
> -----
>
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java 46ed758
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 3a67dd9
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessorBase.java b9076b0
>
> Diff: https://reviews.apache.org/r/34985/diff/
>
>
> Testing
> -------
>
> Access
> - List is pruned if user has access to part of tables.
> - all tables returned to super-user and users with full access.
> - List is pruned down to empty for users with no access. No error returned.
> - list <table-name> comes back empty in case of no access or returns that table in case of access
> - list <reg-ex> comes back with appropriate matching tables
>
> Audit
> - Each table successfully returned by list command is logged for all users (including super-users) if auditing is turned on.
> - Single audit logged for each table returned to the user.
> - No negative logging for tables that are denied.
>
>
> Thanks,
>
> Alok Lal
>
>