You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by pengjianhua <pe...@zte.com.cn> on 2017/09/22 03:06:03 UTC
Review Request 62490: Updated masking policy for hive to support for
deny/allowException/denyExceptions
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62490/
-----------------------------------------------------------
Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
Bugs: RANGER-1796
https://issues.apache.org/jira/browse/RANGER-1796
Repository: ranger
Description
-------
Masking policy for hive should support for deny/allowException/denyExceptions to meet further business needs. Such as masking policy for hive should support as following scene and so on:
USER1, USER2 and USER3 belong to the user group GROUPA. Select GROUPA group when created masking policy. The USER1 does not use masking and USER2, USER3 need masking.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 60daed9
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 0b5fc0e
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 067ca04
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java f5d7ad3
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 47b4921
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java edbde29
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 1b6f440
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java da65074
security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java f55a103
security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 9a8d82d
Diff: https://reviews.apache.org/r/62490/diff/1/
Testing
-------
tested it
Thanks,
pengjianhua
Re: Review Request 62490: Updated masking policy for hive to support
for deny/allowException/denyExceptions
Posted by pengjianhua <pe...@zte.com.cn>.
> On 九月 25, 2017, 11:56 a.m., Qiang Zhang wrote:
> > The following codes should be modified:
> > 1. `if(this.dataMaskPolicyAllowItemExceptions == dataMaskPolicyAllowItemExceptions) {` in `setDataMaskPolicyAllowItemExceptions(` for RangerPolicy.java
> > 2. `if(this.dataMaskPolicyDenyItems == dataMaskPolicyDenyItems) {` in `public void setDataMaskPolicyDenyItems(` for RangerPolicy.java
> > 3. `if(this.dataMaskPolicyDenyItemExceptions == dataMaskPolicyDenyItemExceptions) {` in `public void setDataMaskPolicyDenyItemExceptions(` for RangerPolicy.java
> >
> > Please fix them.
Thanks for you review I had update the patch ,Please review again.
- pengjianhua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62490/#review186105
-----------------------------------------------------------
On 九月 26, 2017, 7:31 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62490/
> -----------------------------------------------------------
>
> (Updated 九月 26, 2017, 7:31 a.m.)
>
>
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
>
>
> Bugs: RANGER-1796
> https://issues.apache.org/jira/browse/RANGER-1796
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Masking policy for hive should support for deny/allowException/denyExceptions to meet further business needs. Such as masking policy for hive should support as following scene and so on:
> USER1, USER2 and USER3 belong to the user group GROUPA. Select GROUPA group when created masking policy. The USER1 does not use masking and USER2, USER3 need masking.
>
> We rigorously tested this issue. The test result shows that the feature is ok.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 60daed9
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 0b5fc0e
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 067ca04
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java f5d7ad3
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 47b4921
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java edbde29
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 1b6f440
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java da65074
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java f55a103
> security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 9a8d82d
>
>
> Diff: https://reviews.apache.org/r/62490/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 62490: Updated masking policy for hive to support
for deny/allowException/denyExceptions
Posted by Qiang Zhang <zh...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62490/#review186105
-----------------------------------------------------------
The following codes should be modified:
1. `if(this.dataMaskPolicyAllowItemExceptions == dataMaskPolicyAllowItemExceptions) {` in `setDataMaskPolicyAllowItemExceptions(` for RangerPolicy.java
2. `if(this.dataMaskPolicyDenyItems == dataMaskPolicyDenyItems) {` in `public void setDataMaskPolicyDenyItems(` for RangerPolicy.java
3. `if(this.dataMaskPolicyDenyItemExceptions == dataMaskPolicyDenyItemExceptions) {` in `public void setDataMaskPolicyDenyItemExceptions(` for RangerPolicy.java
Please fix them.
- Qiang Zhang
On 九月 25, 2017, 3:30 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62490/
> -----------------------------------------------------------
>
> (Updated 九月 25, 2017, 3:30 a.m.)
>
>
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
>
>
> Bugs: RANGER-1796
> https://issues.apache.org/jira/browse/RANGER-1796
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Masking policy for hive should support for deny/allowException/denyExceptions to meet further business needs. Such as masking policy for hive should support as following scene and so on:
> USER1, USER2 and USER3 belong to the user group GROUPA. Select GROUPA group when created masking policy. The USER1 does not use masking and USER2, USER3 need masking.
>
> We rigorously tested this issue. The test result shows that the feature is ok.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 60daed9
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 0b5fc0e
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 067ca04
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java f5d7ad3
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 47b4921
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java edbde29
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 1b6f440
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java da65074
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java f55a103
> security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 9a8d82d
>
>
> Diff: https://reviews.apache.org/r/62490/diff/1/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 62490: Updated masking policy for hive to support
for deny/allowException/denyExceptions
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62490/#review186290
-----------------------------------------------------------
Ship it!
Ship It!
- Alejandro Fernandez
On Sept. 26, 2017, 7:31 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62490/
> -----------------------------------------------------------
>
> (Updated Sept. 26, 2017, 7:31 a.m.)
>
>
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
>
>
> Bugs: RANGER-1796
> https://issues.apache.org/jira/browse/RANGER-1796
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Masking policy for hive should support for deny/allowException/denyExceptions to meet further business needs. Such as masking policy for hive should support as following scene and so on:
> USER1, USER2 and USER3 belong to the user group GROUPA. Select GROUPA group when created masking policy. The USER1 does not use masking and USER2, USER3 need masking.
>
> We rigorously tested this issue. The test result shows that the feature is ok.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 60daed9
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 0b5fc0e
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 067ca04
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java f5d7ad3
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 47b4921
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java edbde29
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 1b6f440
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java da65074
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java f55a103
> security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 9a8d82d
>
>
> Diff: https://reviews.apache.org/r/62490/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 62490: Updated masking policy for hive to support
for deny/allowException/denyExceptions
Posted by pengjianhua <pe...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62490/
-----------------------------------------------------------
(Updated 九月 26, 2017, 7:31 a.m.)
Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
Bugs: RANGER-1796
https://issues.apache.org/jira/browse/RANGER-1796
Repository: ranger
Description
-------
Masking policy for hive should support for deny/allowException/denyExceptions to meet further business needs. Such as masking policy for hive should support as following scene and so on:
USER1, USER2 and USER3 belong to the user group GROUPA. Select GROUPA group when created masking policy. The USER1 does not use masking and USER2, USER3 need masking.
We rigorously tested this issue. The test result shows that the feature is ok.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 60daed9
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 0b5fc0e
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 067ca04
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java f5d7ad3
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 47b4921
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java edbde29
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 1b6f440
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java da65074
security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java f55a103
security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 9a8d82d
Diff: https://reviews.apache.org/r/62490/diff/2/
Changes: https://reviews.apache.org/r/62490/diff/1-2/
Testing
-------
tested it
Thanks,
pengjianhua
Re: Review Request 62490: Updated masking policy for hive to support
for deny/allowException/denyExceptions
Posted by pengjianhua <pe...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62490/
-----------------------------------------------------------
(Updated 九月 25, 2017, 3:30 a.m.)
Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
Bugs: RANGER-1796
https://issues.apache.org/jira/browse/RANGER-1796
Repository: ranger
Description (updated)
-------
Masking policy for hive should support for deny/allowException/denyExceptions to meet further business needs. Such as masking policy for hive should support as following scene and so on:
USER1, USER2 and USER3 belong to the user group GROUPA. Select GROUPA group when created masking policy. The USER1 does not use masking and USER2, USER3 need masking.
We rigorously tested this issue. The test result shows that the feature is ok.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 60daed9
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 0b5fc0e
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 067ca04
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java f5d7ad3
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 47b4921
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java edbde29
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 1b6f440
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java da65074
security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java f55a103
security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 9a8d82d
Diff: https://reviews.apache.org/r/62490/diff/1/
Testing
-------
tested it
Thanks,
pengjianhua