ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abhay Kulkarni <akulka...@hortonworks.com>
Subject Review Request 72674: RANGER-2858: 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies - Part III
Date Mon, 13 Jul 2020 21:58:34 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72674/
-----------------------------------------------------------

Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, and Velmurugan Periasamy.


Bugs: RANGER-2858
    https://issues.apache.org/jira/browse/RANGER-2858


Repository: ranger


Description
-------

Permission is granted  for 'any' access for a non-empty resource if any policy in any security
zone allows permission. Only the policies in the security zone for the accessed resource should
be considered for authorization in such scenario.


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
dbdb78048 


Diff: https://reviews.apache.org/r/72674/diff/1/


Testing
-------

Tested for hive service, by exercising 'use <database>' command using beeline. Verified
that only the policies in the security zone which contains resource <database> are evaluated
for access.


Thanks,

Abhay Kulkarni


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message