-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57668/
-----------------------------------------------------------
Review request for ranger and Madhan Neethiraj.
Bugs: RANGER-1460
https://issues.apache.org/jira/browse/RANGER-1460
Repository: ranger
Description
-------
If there is one tag policy which allows access to HDFS resource and if there
are no resource policies for HDFS, then authorization falls back to hadoop
acls. In such cases, Ranger authorizer should allow access to the resource
without falling back to hadoop acls, as tag policy has allowed access and there
is no resource policy.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
0c9c0fa
Diff: https://reviews.apache.org/r/57668/diff/1/
Testing
-------
Tests:
/user/user1 has a tag associated with it, whose policy allows access to user2.
/user/user1 has hadoop-acls which do not allow access to user2.
There are no resource-based policy defined for the HDFS service.
user2 lists /user/user1 --> success (allowed by tag policy)
user1 lists /user/user1 --> success (allowed by hadoop acls)
Thanks,
Abhay Kulkarni
