You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Fatima Khan <fa...@gmail.com> on 2018/03/26 13:02:36 UTC

Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/
-----------------------------------------------------------

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.


Bugs: RANGER-2039
    https://issues.apache.org/jira/browse/RANGER-2039


Repository: ranger


Description
-------

Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
  security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10013.java PRE-CREATION 


Diff: https://reviews.apache.org/r/66279/diff/1/


Testing
-------

Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab


Thanks,

Fatima Khan

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

Posted by Mehul Parikh <me...@freestoneinfotech.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200279
-----------------------------------------------------------


Ship it!




Ship It!

- Mehul Parikh


On April 2, 2018, 7:39 a.m., Fatima Khan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> -----------------------------------------------------------
> 
> (Updated April 2, 2018, 7:39 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
>     https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -----
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 70f4bcc 
>   security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d59788c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql f67f109 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/2/
> 
> 
> Testing
> -------
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

Posted by Qiang Zhang <zh...@zte.com.cn>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200277
-----------------------------------------------------------


Ship it!




Ship It!

- Qiang Zhang


On April 2, 2018, 7:39 a.m., Fatima Khan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> -----------------------------------------------------------
> 
> (Updated April 2, 2018, 7:39 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
>     https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -----
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 70f4bcc 
>   security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d59788c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql f67f109 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/2/
> 
> 
> Testing
> -------
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200365
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On April 3, 2018, 5:22 a.m., Fatima Khan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> -----------------------------------------------------------
> 
> (Updated April 3, 2018, 5:22 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
>     https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -----
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 70f4bcc 
>   security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d59788c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql f67f109 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/2/
> 
> 
> Testing
> -------
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

Posted by Qiang Zhang <zh...@zte.com.cn>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200428
-----------------------------------------------------------


Ship it!




Ship It!

- Qiang Zhang


On April 3, 2018, 5:22 a.m., Fatima Khan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> -----------------------------------------------------------
> 
> (Updated April 3, 2018, 5:22 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
>     https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -----
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 70f4bcc 
>   security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d59788c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql f67f109 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/2/
> 
> 
> Testing
> -------
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

Posted by Fatima Khan <fa...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/
-----------------------------------------------------------

(Updated April 3, 2018, 5:22 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.


Bugs: RANGER-2039
    https://issues.apache.org/jira/browse/RANGER-2039


Repository: ranger


Description
-------

Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab.


Diffs
-----

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 70f4bcc 
  security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d59788c 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql f67f109 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
  security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java PRE-CREATION 


Diff: https://reviews.apache.org/r/66279/diff/2/


Testing
-------

Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab


Thanks,

Fatima Khan

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200315
-----------------------------------------------------------


Ship it!





security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
Lines 1 (patched)
<https://reviews.apache.org/r/66279/#comment281012>

    Please update the branch to be master.


- Velmurugan Periasamy


On April 2, 2018, 7:39 a.m., Fatima Khan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> -----------------------------------------------------------
> 
> (Updated April 2, 2018, 7:39 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
>     https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -----
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 70f4bcc 
>   security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d59788c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql f67f109 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/2/
> 
> 
> Testing
> -------
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

Posted by Fatima Khan <fa...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/
-----------------------------------------------------------

(Updated April 2, 2018, 7:39 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.


Bugs: RANGER-2039
    https://issues.apache.org/jira/browse/RANGER-2039


Repository: ranger


Description
-------

Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab.


Diffs (updated)
-----

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 70f4bcc 
  security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d59788c 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql f67f109 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
  security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java PRE-CREATION 


Diff: https://reviews.apache.org/r/66279/diff/2/

Changes: https://reviews.apache.org/r/66279/diff/1-2/


Testing
-------

Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab


Thanks,

Fatima Khan

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

Posted by Fatima Khan <fa...@gmail.com>.


> On April 2, 2018, 5:40 a.m., Pradeep Agrawal wrote:
> > security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10013.java
> > Lines 88 (patched)
> > <https://reviews.apache.org/r/66279/diff/1/?file=1987381#file1987381line88>
> >
> >     Is it okay to continue the flow if either of them is null

Yes even if any one of the module object is null then it will go as per the flow and if both module's object is null then it will log an a warning and exit.


- Fatima


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200275
-----------------------------------------------------------


On April 2, 2018, 7:39 a.m., Fatima Khan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> -----------------------------------------------------------
> 
> (Updated April 2, 2018, 7:39 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
>     https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -----
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 70f4bcc 
>   security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d59788c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql f67f109 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/2/
> 
> 
> Testing
> -------
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

Posted by Pradeep Agrawal <pr...@freestoneinfotech.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200275
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10013.java
Lines 35 (patched)
<https://reviews.apache.org/r/66279/#comment280943>

    1) Patch Number J10013 is already in use now, Please change it to J10014.
    2) Add entry of this patch in the ranger_core_db_schema.sql file of all DB flavors.



security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10013.java
Lines 88 (patched)
<https://reviews.apache.org/r/66279/#comment280944>

    Is it okay to continue the flow if either of them is null


- Pradeep Agrawal


On March 26, 2018, 1:02 p.m., Fatima Khan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> -----------------------------------------------------------
> 
> (Updated March 26, 2018, 1:02 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
>     https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10013.java PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/1/
> 
> 
> Testing
> -------
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>