----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66588/ -----------------------------------------------------------
Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy. Bugs: RANGER-2066 https://issues.apache.org/jira/browse/RANGER-2066 Repository: ranger Description ------- SCENARIO: Table emp has 2 column families: personal_data(name,SSN,age) ; prof_data(role, manager) Column emp/prof_data/role is tagged with OFFICIAL tag. Create following policies: Resource policy allows Read on all tables, all column-families and all columns and a tag policy allows Read on OFFICIAL tag to test_user. When test_user executes "scan 'emp' " command, two audit log records are created: 1. Resource: emp/personal_data Name / Type: column-family Allowed Policy allowing: Resource based policy 2. Resource: emp/prof_data Name / Type: column-family Allowed Policy allowing: TAG based policy for OFFICIAL tag prof_data column-family should be authorized by resource policy. Diffs ----- agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java 83d128061 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 5bce47b43 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultDataMaskPolicyItemEvaluator.java bfdf58163 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 63fc468d8 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 312deefed agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java a6cea957c agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java e3cd15462 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java be0ab7de1 agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json ef758874a Diff: https://reviews.apache.org/r/66588/diff/1/ Testing ------- Developed a unit test scenario for testing the case. Used localVM to test hbase plugin. Thanks, Abhay Kulkarni