ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 71493: RANGER-2569:Policy with isDenyAllElse=true denies request to check if any access is allowed
Date Tue, 17 Sep 2019 06:38:20 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71493/#review217773
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On Sept. 17, 2019, 6:34 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71493/
> -----------------------------------------------------------
> 
> (Updated Sept. 17, 2019, 6:34 a.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-2569
>     https://issues.apache.org/jira/browse/RANGER-2569
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-2507 introduced flag isDenyAllElse in RangerPolicy to implicitly deny accesses
other than the ones granted in this policy. Such policies incorrectly deny requests to check
if the user has any access for a given resource - if the policy explicitly doesn't allow the
user any access. This is incorrect, as this prevents other policies from being evaluated to
check if they grant the user any access.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
4c1402ac1 
> 
> 
> Diff: https://reviews.apache.org/r/71493/diff/1/
> 
> 
> Testing
> -------
> 
> Ran all unit tests successfully
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message