You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2016/11/01 17:06:48 UTC

Review Request 53342: RANGER-1200: Ranger policies should support notion of OWNER user

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53342/
-----------------------------------------------------------

Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-1200
    https://issues.apache.org/jira/browse/RANGER-1200


Repository: ranger


Description
-------

Components like HDFS have the notion of an owner for the resource being accessed. For such components, it should be possible to setup Ranger policies to grant specific permissions for owners of accessed resources.


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java e0a8a91 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 84aac1e 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java fb854d0 
  agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java cb0af84 
  agents-common/src/test/resources/policyengine/test_policyengine_owner.json PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java d709869 

Diff: https://reviews.apache.org/r/53342/diff/


Testing
-------

Unit tests passed. Tested with HDFS on local VM.


Thanks,

Abhay Kulkarni

Re: Review Request 53342: RANGER-1200: Ranger policies should support notion of OWNER user

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53342/#review154438
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On Nov. 1, 2016, 6:47 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/53342/
> -----------------------------------------------------------
> 
> (Updated Nov. 1, 2016, 6:47 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1200
>     https://issues.apache.org/jira/browse/RANGER-1200
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Components like HDFS have the notion of an owner for the resource being accessed. For such components, it should be possible to setup Ranger policies to grant specific permissions for owners of accessed resources.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java e0a8a91 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 84aac1e 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java fb854d0 
>   agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java cb0af84 
>   agents-common/src/test/resources/policyengine/test_policyengine_owner.json PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java d709869 
> 
> Diff: https://reviews.apache.org/r/53342/diff/
> 
> 
> Testing
> -------
> 
> Unit tests passed. Tested with HDFS on local VM.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 53342: RANGER-1200: Ranger policies should support notion of OWNER user

Posted by Abhay Kulkarni <ak...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53342/
-----------------------------------------------------------

(Updated Nov. 1, 2016, 6:47 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
-------

Addressed review comments


Bugs: RANGER-1200
    https://issues.apache.org/jira/browse/RANGER-1200


Repository: ranger


Description
-------

Components like HDFS have the notion of an owner for the resource being accessed. For such components, it should be possible to setup Ranger policies to grant specific permissions for owners of accessed resources.


Diffs (updated)
-----

  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java e0a8a91 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 84aac1e 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java fb854d0 
  agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java cb0af84 
  agents-common/src/test/resources/policyengine/test_policyengine_owner.json PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java d709869 

Diff: https://reviews.apache.org/r/53342/diff/


Testing
-------

Unit tests passed. Tested with HDFS on local VM.


Thanks,

Abhay Kulkarni

Re: Review Request 53342: RANGER-1200: Ranger policies should support notion of OWNER user

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53342/#review154421
-----------------------------------------------------------




agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java (line 85)
<https://reviews.apache.org/r/53342/#comment223959>

    break at lines #85 and #89 might result in only one of these variables be set: hasCurrentUser, hasResourceOwner.
    
    Either break should be removed or the condition should be modified to break only when both variables are set to true.



agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java (line 279)
<https://reviews.apache.org/r/53342/#comment223961>

    I think hasResourceOwner should not be used here; please review.


- Madhan Neethiraj


On Nov. 1, 2016, 5:06 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/53342/
> -----------------------------------------------------------
> 
> (Updated Nov. 1, 2016, 5:06 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1200
>     https://issues.apache.org/jira/browse/RANGER-1200
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Components like HDFS have the notion of an owner for the resource being accessed. For such components, it should be possible to setup Ranger policies to grant specific permissions for owners of accessed resources.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java e0a8a91 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 84aac1e 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java fb854d0 
>   agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java cb0af84 
>   agents-common/src/test/resources/policyengine/test_policyengine_owner.json PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java d709869 
> 
> Diff: https://reviews.apache.org/r/53342/diff/
> 
> 
> Testing
> -------
> 
> Unit tests passed. Tested with HDFS on local VM.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>