You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hawq.apache.org by zhangh43 <gi...@git.apache.org> on 2017/02/14 06:22:18 UTC

[GitHub] incubator-hawq pull request #1119: HAWQ-1328. Add deny and exclude policy te...

GitHub user zhangh43 opened a pull request:

    https://github.com/apache/incubator-hawq/pull/1119

    HAWQ-1328. Add deny and exclude policy template for hawq service in ranger

    add option "enableDenyAndExceptionsInPolicies": "true" in ranger-servicedef-hawq.json to open deny and exclude policy template by default.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/zhangh43/incubator-hawq hawq1328

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-hawq/pull/1119.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1119
    
----
commit c9a8770fa85e0529fe0e89e6e1aef651c56687cf
Author: hubertzhang <hu...@apache.org>
Date:   2017-02-14T06:20:13Z

    HAWQ-1328. Add deny and exclude policy template for hawq service in ranger.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-hawq issue #1119: HAWQ-1328. Add deny and exclude policy template ...

Posted by zhangh43 <gi...@git.apache.org>.

Github user zhangh43 commented on the issue:

    https://github.com/apache/incubator-hawq/pull/1119
  
    Thanks @denalex , the quote typo is fixed.
    According to the Ranger document, Ranger will traverse all the deny conditions firstly to determine whether to disallow the access. And then traverse all the positive conditions. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-hawq issue #1119: HAWQ-1328. Add deny and exclude policy template ...

Posted by zhangh43 <gi...@git.apache.org>.

Github user zhangh43 commented on the issue:

    https://github.com/apache/incubator-hawq/pull/1119
  
    @denalex @linwen Please review it.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-hawq issue #1119: HAWQ-1328. Add deny and exclude policy template ...

Posted by ictmalili <gi...@git.apache.org>.

Github user ictmalili commented on the issue:

    https://github.com/apache/incubator-hawq/pull/1119
  
    @denalex What do you mean by "even though with deny conditions access might not be determined, the RPS will continue to interpret it as access not allowed"?  Doesn't it inherit the processing the Ranger Basic Plugin?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-hawq pull request #1119: HAWQ-1328. Add deny and exclude policy te...

Posted by zhangh43 <gi...@git.apache.org>.

Github user zhangh43 closed the pull request at:

    https://github.com/apache/incubator-hawq/pull/1119


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-hawq issue #1119: HAWQ-1328. Add deny and exclude policy template ...

Posted by ictmalili <gi...@git.apache.org>.

Github user ictmalili commented on the issue:

    https://github.com/apache/incubator-hawq/pull/1119
  
    OK. Got your point, Thanks @denalex 
    
    This commit LGTM. +1


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-hawq issue #1119: HAWQ-1328. Add deny and exclude policy template ...

Posted by denalex <gi...@git.apache.org>.

Github user denalex commented on the issue:

    https://github.com/apache/incubator-hawq/pull/1119
  
    @ictmalili -- yes, it inherits, but RPS does not check isAccessDetermined() flag on the BasePluginResponse. It only checks isAccessAllowed() flag and only if it is "true" it reports to HAWQ that access is allowed, all other cases are treated as access is not allowed.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---