You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2018/03/15 23:07:38 UTC
Review Request 66107: Evaluate grantor's group membership in the
plugin for grant/revoke request
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66107/
-----------------------------------------------------------
Review request for ranger and Madhan Neethiraj.
Bugs: RANGER-2027
https://issues.apache.org/jira/browse/RANGER-2027
Repository: ranger
Description
-------
Instead of computing group membership in the ranger-admin, it is better to compute it in the plugin using component's user identity manager and relayed to ranger-admin in the grant/revoke request. Ranger-Admin's user identify manager may be used to compute group membership only as a fallback for backward compatibility.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java 0c5b2d80b
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 12b675b45
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2c2a51866
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java dad8a975e
Diff: https://reviews.apache.org/r/66107/diff/1/
Testing
-------
Passed all unit tests
Thanks,
Abhay Kulkarni
Re: Review Request 66107: Evaluate grantor's group membership in the
plugin for grant/revoke request
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66107/#review199376
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On March 15, 2018, 11:07 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66107/
> -----------------------------------------------------------
>
> (Updated March 15, 2018, 11:07 p.m.)
>
>
> Review request for ranger and Madhan Neethiraj.
>
>
> Bugs: RANGER-2027
> https://issues.apache.org/jira/browse/RANGER-2027
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Instead of computing group membership in the ranger-admin, it is better to compute it in the plugin using component's user identity manager and relayed to ranger-admin in the grant/revoke request. Ranger-Admin's user identify manager may be used to compute group membership only as a fallback for backward compatibility.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java 0c5b2d80b
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 12b675b45
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2c2a51866
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java dad8a975e
>
>
> Diff: https://reviews.apache.org/r/66107/diff/1/
>
>
> Testing
> -------
>
> Passed all unit tests
>
>
> Thanks,
>
> Abhay Kulkarni
>
>