You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Madhan Neethiraj <ma...@apache.org> on 2015/09/03 22:32:59 UTC
Review Request 38108: RANGER-606: updated policy model to support
'exceptions' policy items
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38108/
-----------------------------------------------------------
Review request for ranger and Abhay Kulkarni.
Bugs: RANGER-606
https://issues.apache.org/jira/browse/RANGER-606
Repository: ranger
Description
-------
updated policy model to support 'exceptions' policy items, which enables the policy authors to specify conditions (like users, groups, ...) for which this policy is not applicable. This can be used for example to create a policy that allows/denies access to a wider group (for example: public/employees/..) and exclude specific users/groups/.. (like manager/admin/..).
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerContextAttributeValueNotInCondition.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java e0aee6b
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyItemEvaluator.java 9696e03
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 57d1be9
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 7bd1208
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java 96312fe
agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json 0b827e4
agents-common/src/test/resources/policyengine/test_policyengine_hive_mutex_conditions.json b9bcad4
agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json 16dcf6f
agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json 6507809
security-admin/db/mysql/patches/016-updated-schema-for-tag-based-policy.sql 79699ce
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java e9454f9
security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItem.java 0c70e73
security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java 1f73504
security-admin/src/main/webapp/scripts/modules/globalize/message/en.js a5474c9
security-admin/src/main/webapp/scripts/utils/XAEnums.js 183d201
security-admin/src/main/webapp/scripts/utils/XAUtils.js d3530e7
security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 6be0329
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js b0c910f
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js a9ee1b5
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js f3f233d
security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js 40db4cb
security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js 5c5309d
security-admin/src/main/webapp/templates/policies/PermissionItem.html 99c20fa
security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html 77f7605
security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDeleteDiff_tmpl.html 0d632a4
security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html 353baa9
security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html f61e91f
Diff: https://reviews.apache.org/r/38108/diff/
Testing
-------
- Redefined exclusive_allow policies in existing unit tests with corresponding allow/deny policies which exceptions.
Thanks,
Madhan Neethiraj