[
https://issues.apache.org/jira/browse/RANGER-1949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zsombor Gegesy reassigned RANGER-1949:
--------------------------------------
Assignee: Zsombor Gegesy
> KMS getKeys should filter based on name policy
> ----------------------------------------------
>
> Key: RANGER-1949
> URL: https://issues.apache.org/jira/browse/RANGER-1949
> Project: Ranger
> Issue Type: Bug
> Components: kms
> Reporter: Owen O'Malley
> Assignee: Zsombor Gegesy
>
> Currently when there are policies that limit users to certain keys, such as
> "pii*" those users can't call KMS.getKeyNames() even if they have the
> "getkeys" permission.
> This is because the method passes a null down for the key name, which will
> only match if the user can see all keys. A much better solution would be to
> filter each key individually and just returns the ones that should be
> visible. So if they have permission to see "pii*" and the keys were {"pii",
> "pii256", and "secret"} they would get back a list of "pii" and "pii256".
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
