ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 72674: RANGER-2858: 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies - Part III
Date Mon, 13 Jul 2020 22:33:42 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72674/#review221203
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On July 13, 2020, 9:58 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72674/
> -----------------------------------------------------------
> 
> (Updated July 13, 2020, 9:58 p.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2858
>     https://issues.apache.org/jira/browse/RANGER-2858
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Permission is granted  for 'any' access for a non-empty resource if any policy in any
security zone allows permission. Only the policies in the security zone for the accessed resource
should be considered for authorization in such scenario.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
dbdb78048 
> 
> 
> Diff: https://reviews.apache.org/r/72674/diff/1/
> 
> 
> Testing
> -------
> 
> Tested for hive service, by exercising 'use <database>' command using beeline.
Verified that only the policies in the security zone which contains resource <database>
are evaluated for access.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message