ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ramesh Mani <rm...@hortonworks.com>
Subject Re: Review Request 67770: RANGER-2143: updated Atlas authorizer with addtion of scrubSearchResults() method
Date Thu, 28 Jun 2018 21:16:04 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67770/#review205526
-----------------------------------------------------------




plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
Lines 295 (patched)
<https://reviews.apache.org/r/67770/#comment288427>

    If I have a classification on a entity,and have policy for that classification, then ranger
allowed to access which is fine. But other entities which don't have classifications has to
have "_Not_Classified" policy in ranger in order to access, which make it that we need to
have "
    _NOT_Classified" for all the resources which need access or we need to have "*" policy
for the classification.
    Is this the intended way?  I thought that entities without classification will be always
allowed.



ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
Lines 185 (patched)
<https://reviews.apache.org/r/67770/#comment288422>

    ret is never used. Please remove this.


- Ramesh Mani


On June 28, 2018, 9:27 a.m., Madhan Neethiraj wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67770/
> -----------------------------------------------------------
> 
> (Updated June 28, 2018, 9:27 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Nixon Rodrigues, Ramesh Mani, and Sarath Subramanian.
> 
> 
> Bugs: RANGER-2143
>     https://issues.apache.org/jira/browse/RANGER-2143
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> - updated Atlas authorizer with addtion of scrubSearchResults() method
> - updated entity-access authorization to enable authorization of entity that don't have
any classification
> 
> 
> Diffs
> -----
> 
>   plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
8d56f14f9 
>   plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
aba4b8c2e 
>   pom.xml 07952102e 
>   ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
9302bdd09 
> 
> 
> Diff: https://reviews.apache.org/r/67770/diff/1/
> 
> 
> Testing
> -------
> 
> - verified that entity-attributes and classifications in the search-result are cleared
for entities the user doesn't have read access to
> - verified that authorization policy with entity-classification=_NOT_CLASSIFIED applies
for entities that don't have any classification associated
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message