ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nityananda Gohain (Jira)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-2909) Authorization support for atlas `entity-label` and `entity-business metadata`
Date Tue, 14 Jul 2020 17:35:00 GMT

     [ https://issues.apache.org/jira/browse/RANGER-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Nityananda Gohain updated RANGER-2909:
--------------------------------------
    Description: 
We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but we wanted authorisation
for `entity-labels` and `entity-business-metadata` that comes with new version of Atlas i.e
Atlas 2.0.0.
 # We tried building ranger from the master branch, but authorisation for roles which were
attached to policies was not working (authorisation for users and groups attached to policies
was working)
 # Since the above didn’t work we tried building ranger from the specific commit where the
patch to support authorisation for labels and  business-metadata was added [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb] 
, the same problem appeared here i.e authorisation for roles attached to policies was not
working
 # Finally, we added the patches to  Ranger 2.0.0
 ## Applied the patches  [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825]
, [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93]
 ## After building and running ranger I had to manually delete the entry from `x_db_version_h`
table i.e `J10034` and then restart ranger to apply the patch by running `db_setup.py`. Even
after applying the patch, the changes are not reflected. i.e(No option for `entity-label`
and `entity-business-metadata`  (have also checked `x_access_type_def` table and entity-label
and entity-business-metadata was not present)

What will be the best way to move forward to support authorisation for `labels` and `business-metadata`
where authorisation policies work with roles.

  was:
We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but we wanted authorisation
for `entity-labels` and `entity-business-metadata` that comes with new version of Atlas i.e
Atlas 2.0.0.
 # We tried building ranger from the master branch, but authorisation for roles which were
attached to policies was not working (authorisation for users and groups attached to policies
was working)
 # Since the above didn’t work we tried building ranger from the specific commit where the
patch to support authorisation for labels and  business-metadata was added [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb] 
, the same problem appeared here i.e authorisation for roles attached to policies was not
working
 # Finally, we added the patches to  Ranger 2.0.0
 ## Applied the patches  [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825]
, [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93]
 ## After building and running ranger I had to manually delete the entry from `x_db_version_h`
table i.e `J10034` and then restart ranger to apply the patch by running `db_setup.py`. Even
after applying the patch, the changes are not reflected. i.e(No option for `entity-label`
and `entity-business-metadata`

What will be the best way to move forward to support authorisation for `labels` and `business-metadata`
where authorisation policies work with roles.


> Authorization support for atlas `entity-label` and `entity-business metadata`
> -----------------------------------------------------------------------------
>
>                 Key: RANGER-2909
>                 URL: https://issues.apache.org/jira/browse/RANGER-2909
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: ranger-2.0
>            Reporter: Nityananda Gohain
>            Priority: Major
>
> We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but we wanted
authorisation for `entity-labels` and `entity-business-metadata` that comes with new version
of Atlas i.e Atlas 2.0.0.
>  # We tried building ranger from the master branch, but authorisation for roles which
were attached to policies was not working (authorisation for users and groups attached to
policies was working)
>  # Since the above didn’t work we tried building ranger from the specific commit where
the patch to support authorisation for labels and  business-metadata was added [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb] 
, the same problem appeared here i.e authorisation for roles attached to policies was not
working
>  # Finally, we added the patches to  Ranger 2.0.0
>  ## Applied the patches  [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825]
, [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93]
>  ## After building and running ranger I had to manually delete the entry from `x_db_version_h`
table i.e `J10034` and then restart ranger to apply the patch by running `db_setup.py`. Even
after applying the patch, the changes are not reflected. i.e(No option for `entity-label`
and `entity-business-metadata`  (have also checked `x_access_type_def` table and entity-label
and entity-business-metadata was not present)
> What will be the best way to move forward to support authorisation for `labels` and `business-metadata`
where authorisation policies work with roles.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message