You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2016/11/01 17:06:48 UTC
Review Request 53342: RANGER-1200: Ranger policies should support
notion of OWNER user
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53342/
-----------------------------------------------------------
Review request for ranger and Madhan Neethiraj.
Bugs: RANGER-1200
https://issues.apache.org/jira/browse/RANGER-1200
Repository: ranger
Description
-------
Components like HDFS have the notion of an owner for the resource being accessed. For such components, it should be possible to setup Ranger policies to grant specific permissions for owners of accessed resources.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java e0a8a91
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 84aac1e
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java fb854d0
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java cb0af84
agents-common/src/test/resources/policyengine/test_policyengine_owner.json PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java d709869
Diff: https://reviews.apache.org/r/53342/diff/
Testing
-------
Unit tests passed. Tested with HDFS on local VM.
Thanks,
Abhay Kulkarni
Re: Review Request 53342: RANGER-1200: Ranger policies should support
notion of OWNER user
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53342/#review154438
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Nov. 1, 2016, 6:47 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/53342/
> -----------------------------------------------------------
>
> (Updated Nov. 1, 2016, 6:47 p.m.)
>
>
> Review request for ranger and Madhan Neethiraj.
>
>
> Bugs: RANGER-1200
> https://issues.apache.org/jira/browse/RANGER-1200
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Components like HDFS have the notion of an owner for the resource being accessed. For such components, it should be possible to setup Ranger policies to grant specific permissions for owners of accessed resources.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java e0a8a91
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 84aac1e
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java fb854d0
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java cb0af84
> agents-common/src/test/resources/policyengine/test_policyengine_owner.json PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java d709869
>
> Diff: https://reviews.apache.org/r/53342/diff/
>
>
> Testing
> -------
>
> Unit tests passed. Tested with HDFS on local VM.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 53342: RANGER-1200: Ranger policies should support
notion of OWNER user
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53342/
-----------------------------------------------------------
(Updated Nov. 1, 2016, 6:47 p.m.)
Review request for ranger and Madhan Neethiraj.
Changes
-------
Addressed review comments
Bugs: RANGER-1200
https://issues.apache.org/jira/browse/RANGER-1200
Repository: ranger
Description
-------
Components like HDFS have the notion of an owner for the resource being accessed. For such components, it should be possible to setup Ranger policies to grant specific permissions for owners of accessed resources.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java e0a8a91
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 84aac1e
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java fb854d0
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java cb0af84
agents-common/src/test/resources/policyengine/test_policyengine_owner.json PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java d709869
Diff: https://reviews.apache.org/r/53342/diff/
Testing
-------
Unit tests passed. Tested with HDFS on local VM.
Thanks,
Abhay Kulkarni
Re: Review Request 53342: RANGER-1200: Ranger policies should support
notion of OWNER user
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53342/#review154421
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java (line 85)
<https://reviews.apache.org/r/53342/#comment223959>
break at lines #85 and #89 might result in only one of these variables be set: hasCurrentUser, hasResourceOwner.
Either break should be removed or the condition should be modified to break only when both variables are set to true.
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java (line 279)
<https://reviews.apache.org/r/53342/#comment223961>
I think hasResourceOwner should not be used here; please review.
- Madhan Neethiraj
On Nov. 1, 2016, 5:06 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/53342/
> -----------------------------------------------------------
>
> (Updated Nov. 1, 2016, 5:06 p.m.)
>
>
> Review request for ranger and Madhan Neethiraj.
>
>
> Bugs: RANGER-1200
> https://issues.apache.org/jira/browse/RANGER-1200
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Components like HDFS have the notion of an owner for the resource being accessed. For such components, it should be possible to setup Ranger policies to grant specific permissions for owners of accessed resources.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java e0a8a91
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 84aac1e
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java fb854d0
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java cb0af84
> agents-common/src/test/resources/policyengine/test_policyengine_owner.json PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java d709869
>
> Diff: https://reviews.apache.org/r/53342/diff/
>
>
> Testing
> -------
>
> Unit tests passed. Tested with HDFS on local VM.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>