You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Madhan Neethiraj <ma...@apache.org> on 2016/04/04 09:44:45 UTC
Review Request 45669: RANGER-908: Ranger policy model updated to
support row-filtering
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45669/
-----------------------------------------------------------
Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-908
https://issues.apache.org/jira/browse/RANGER-908
Repository: ranger
Description
-------
Following updates were made to Ranger policy model to support row-filtering:
- added new type of policy: POLICY_TYPE_ROWFILTER (2)
- added RangerServiceDef.rowFilterDef, to capture details of the accessTypes, resources supported in rowFilter policies
- added RangerPolicy.rowFilterPolicyItems, to capture details of the filter expression to apply for a given user/group/custom conditions
- added RangerPolicyEngine.evalRowFilterPolicies(), to evaluate row-filter policies & return the filter-expression to apply
- updated ServiceDBStore and other related objects to persist new fields in the database
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java f022707
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java 1dac6e8
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 101d911
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java d19e3d0
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 51cab80
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b1463bc
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRowFilterResult.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDataMaskPolicyItemEvaluator.java 62d624c
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultDataMaskPolicyItemEvaluator.java 4583de9
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b87891f
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 1010727
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java 3c4b926
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerRowFilterPolicyItemEvaluator.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java b154115
agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 34f4cc6
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 05cbcde
agents-common/src/test/resources/policyengine/test_policyengine_hive_mask_filter.json PRE-CREATION
agents-common/src/test/resources/policyengine/test_policyengine_hive_masking.json b0e4557
security-admin/db/mysql/patches/020-datamask-policy.sql 8a612b3
security-admin/db/postgres/patches/020-datamask-policy.sql d000822
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 89daaea
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java c4a823c
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java e9c8394
security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 6988750
security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 5431553
security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java 5bc22e0
security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java 391f5a8
security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemRowFilterInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java 6679c35
security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java a0047a5
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 2bb66ca
security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 5cb0290
Diff: https://reviews.apache.org/r/45669/diff/
Testing
-------
Added unit tests to verify the new type of policy
Thanks,
Madhan Neethiraj
Re: Review Request 45669: RANGER-908: Ranger policy model updated to
support row-filtering
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45669/#review127123
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On April 5, 2016, 6:51 a.m., Madhan Neethiraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45669/
> -----------------------------------------------------------
>
> (Updated April 5, 2016, 6:51 a.m.)
>
>
> Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-908
> https://issues.apache.org/jira/browse/RANGER-908
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Following updates were made to Ranger policy model to support row-filtering:
> - added new type of policy: POLICY_TYPE_ROWFILTER (2)
> - added RangerServiceDef.rowFilterDef, to capture details of the accessTypes, resources supported in rowFilter policies
> - added RangerPolicy.rowFilterPolicyItems, to capture details of the filter expression to apply for a given user/group/custom conditions
> - added RangerPolicyEngine.evalRowFilterPolicies(), to evaluate row-filter policies & return the filter-expression to apply
> - updated ServiceDBStore and other related objects to persist new fields in the database
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java f022707
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java 1dac6e8
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 101d911
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java d19e3d0
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 51cab80
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b1463bc
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRowFilterResult.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDataMaskPolicyItemEvaluator.java 62d624c
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultDataMaskPolicyItemEvaluator.java 4583de9
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b87891f
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 1010727
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java 3c4b926
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerRowFilterPolicyItemEvaluator.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java aef7bcb
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java b154115
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 34f4cc6
> agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json f3c75d1
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 05cbcde
> agents-common/src/test/resources/policyengine/test_policyengine_hive_mask_filter.json PRE-CREATION
> agents-common/src/test/resources/policyengine/test_policyengine_hive_masking.json b0e4557
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java e0e1e7a
> security-admin/db/mysql/patches/020-datamask-policy.sql 8a612b3
> security-admin/db/postgres/patches/020-datamask-policy.sql d000822
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 89daaea
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java c4a823c
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java e9c8394
> security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 6988750
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 5431553
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java 5bc22e0
> security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java 391f5a8
> security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemRowFilterInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java 6679c35
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java a0047a5
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 2bb66ca
> security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 5cb0290
>
> Diff: https://reviews.apache.org/r/45669/diff/
>
>
> Testing
> -------
>
> Added unit tests to verify the new type of policy
>
>
> Thanks,
>
> Madhan Neethiraj
>
>
Re: Review Request 45669: RANGER-908: Ranger policy model updated to
support row-filtering
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45669/
-----------------------------------------------------------
(Updated April 5, 2016, 6:51 a.m.)
Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-908
https://issues.apache.org/jira/browse/RANGER-908
Repository: ranger
Description
-------
Following updates were made to Ranger policy model to support row-filtering:
- added new type of policy: POLICY_TYPE_ROWFILTER (2)
- added RangerServiceDef.rowFilterDef, to capture details of the accessTypes, resources supported in rowFilter policies
- added RangerPolicy.rowFilterPolicyItems, to capture details of the filter expression to apply for a given user/group/custom conditions
- added RangerPolicyEngine.evalRowFilterPolicies(), to evaluate row-filter policies & return the filter-expression to apply
- updated ServiceDBStore and other related objects to persist new fields in the database
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java f022707
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java 1dac6e8
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 101d911
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java d19e3d0
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 51cab80
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b1463bc
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRowFilterResult.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDataMaskPolicyItemEvaluator.java 62d624c
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultDataMaskPolicyItemEvaluator.java 4583de9
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b87891f
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 1010727
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java 3c4b926
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerRowFilterPolicyItemEvaluator.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java aef7bcb
agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java b154115
agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 34f4cc6
agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json f3c75d1
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 05cbcde
agents-common/src/test/resources/policyengine/test_policyengine_hive_mask_filter.json PRE-CREATION
agents-common/src/test/resources/policyengine/test_policyengine_hive_masking.json b0e4557
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java e0e1e7a
security-admin/db/mysql/patches/020-datamask-policy.sql 8a612b3
security-admin/db/postgres/patches/020-datamask-policy.sql d000822
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 89daaea
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java c4a823c
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java e9c8394
security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 6988750
security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 5431553
security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java 5bc22e0
security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java 391f5a8
security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemRowFilterInfo.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java 6679c35
security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java a0047a5
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 2bb66ca
security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 5cb0290
Diff: https://reviews.apache.org/r/45669/diff/
Testing
-------
Added unit tests to verify the new type of policy
Thanks,
Madhan Neethiraj
Re: Review Request 45669: RANGER-908: Ranger policy model updated to
support row-filtering
Posted by Madhan Neethiraj <ma...@apache.org>.
> On April 5, 2016, 5:44 a.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java, line 2471
> > <https://reviews.apache.org/r/45669/diff/1/?file=1323947#file1323947line2471>
> >
> > Indentation
This looks like an issue with review board.
> On April 5, 2016, 5:44 a.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java, line 1528
> > <https://reviews.apache.org/r/45669/diff/1/?file=1323948#file1323948line1528>
> >
> > Indentation
This looks like an issue with review board.
- Madhan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45669/#review127035
-----------------------------------------------------------
On April 5, 2016, 6:51 a.m., Madhan Neethiraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45669/
> -----------------------------------------------------------
>
> (Updated April 5, 2016, 6:51 a.m.)
>
>
> Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-908
> https://issues.apache.org/jira/browse/RANGER-908
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Following updates were made to Ranger policy model to support row-filtering:
> - added new type of policy: POLICY_TYPE_ROWFILTER (2)
> - added RangerServiceDef.rowFilterDef, to capture details of the accessTypes, resources supported in rowFilter policies
> - added RangerPolicy.rowFilterPolicyItems, to capture details of the filter expression to apply for a given user/group/custom conditions
> - added RangerPolicyEngine.evalRowFilterPolicies(), to evaluate row-filter policies & return the filter-expression to apply
> - updated ServiceDBStore and other related objects to persist new fields in the database
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java f022707
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java 1dac6e8
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 101d911
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java d19e3d0
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 51cab80
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b1463bc
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRowFilterResult.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDataMaskPolicyItemEvaluator.java 62d624c
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultDataMaskPolicyItemEvaluator.java 4583de9
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b87891f
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 1010727
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java 3c4b926
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerRowFilterPolicyItemEvaluator.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java aef7bcb
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java b154115
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 34f4cc6
> agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json f3c75d1
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 05cbcde
> agents-common/src/test/resources/policyengine/test_policyengine_hive_mask_filter.json PRE-CREATION
> agents-common/src/test/resources/policyengine/test_policyengine_hive_masking.json b0e4557
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java e0e1e7a
> security-admin/db/mysql/patches/020-datamask-policy.sql 8a612b3
> security-admin/db/postgres/patches/020-datamask-policy.sql d000822
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 89daaea
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java c4a823c
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java e9c8394
> security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 6988750
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 5431553
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java 5bc22e0
> security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java 391f5a8
> security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemRowFilterInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java 6679c35
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java a0047a5
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 2bb66ca
> security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 5cb0290
>
> Diff: https://reviews.apache.org/r/45669/diff/
>
>
> Testing
> -------
>
> Added unit tests to verify the new type of policy
>
>
> Thanks,
>
> Madhan Neethiraj
>
>
Re: Review Request 45669: RANGER-908: Ranger policy model updated to
support row-filtering
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45669/#review127035
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java (line 733)
<https://reviews.apache.org/r/45669/#comment190166>
Please consider processing of unknown item-type in a roll-back scenario where older version of Ranger is used to work with Ranger database created by this version of Ranger.
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java (line 2447)
<https://reviews.apache.org/r/45669/#comment190168>
Indentation
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java (line 1528)
<https://reviews.apache.org/r/45669/#comment190169>
Indentation
- Abhay Kulkarni
On April 4, 2016, 7:44 a.m., Madhan Neethiraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45669/
> -----------------------------------------------------------
>
> (Updated April 4, 2016, 7:44 a.m.)
>
>
> Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-908
> https://issues.apache.org/jira/browse/RANGER-908
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Following updates were made to Ranger policy model to support row-filtering:
> - added new type of policy: POLICY_TYPE_ROWFILTER (2)
> - added RangerServiceDef.rowFilterDef, to capture details of the accessTypes, resources supported in rowFilter policies
> - added RangerPolicy.rowFilterPolicyItems, to capture details of the filter expression to apply for a given user/group/custom conditions
> - added RangerPolicyEngine.evalRowFilterPolicies(), to evaluate row-filter policies & return the filter-expression to apply
> - updated ServiceDBStore and other related objects to persist new fields in the database
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java f022707
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java 1dac6e8
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 101d911
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java d19e3d0
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 51cab80
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b1463bc
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRowFilterResult.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDataMaskPolicyItemEvaluator.java 62d624c
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultDataMaskPolicyItemEvaluator.java 4583de9
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b87891f
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 1010727
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java 3c4b926
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerRowFilterPolicyItemEvaluator.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java b154115
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 34f4cc6
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 05cbcde
> agents-common/src/test/resources/policyengine/test_policyengine_hive_mask_filter.json PRE-CREATION
> agents-common/src/test/resources/policyengine/test_policyengine_hive_masking.json b0e4557
> security-admin/db/mysql/patches/020-datamask-policy.sql 8a612b3
> security-admin/db/postgres/patches/020-datamask-policy.sql d000822
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 89daaea
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java c4a823c
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java e9c8394
> security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 6988750
> security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 5431553
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java 5bc22e0
> security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemDataMaskInfo.java 391f5a8
> security-admin/src/main/java/org/apache/ranger/entity/XXPolicyItemRowFilterInfo.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java 6679c35
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java a0047a5
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 2bb66ca
> security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 5cb0290
>
> Diff: https://reviews.apache.org/r/45669/diff/
>
>
> Testing
> -------
>
> Added unit tests to verify the new type of policy
>
>
> Thanks,
>
> Madhan Neethiraj
>
>