----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66588/#review201066 -----------------------------------------------------------
Ship it! Ship It! - pengjianhua On 四月 12, 2018, 6:13 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66588/ > ----------------------------------------------------------- > > (Updated 四月 12, 2018, 6:13 p.m.) > > > Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy. > > > Bugs: RANGER-2066 > https://issues.apache.org/jira/browse/RANGER-2066 > > > Repository: ranger > > > Description > ------- > > SCENARIO: > > Table emp has 2 column families: personal_data(name,SSN,age) ; > prof_data(role, manager) > Column emp/prof_data/role is tagged with OFFICIAL tag. > > Create following policies: > Resource policy allows Read on all tables, all column-families and all > columns and a tag policy allows Read on OFFICIAL tag to test_user. > > When test_user executes "scan 'emp' " command, two audit log records are > created: > 1. Resource: emp/personal_data > Name / Type: column-family > Allowed > Policy allowing: Resource based policy > > 2. Resource: emp/prof_data > Name / Type: column-family > Allowed > Policy allowing: TAG based policy for OFFICIAL tag > > prof_data column-family should be authorized by resource policy. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java > 83d128061 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java > 5bce47b43 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultDataMaskPolicyItemEvaluator.java > bfdf58163 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > 63fc468d8 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java > 312deefed > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java > a6cea957c > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java > e3cd15462 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java > be0ab7de1 > > agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json > ef758874a > > > Diff: https://reviews.apache.org/r/66588/diff/1/ > > > Testing > ------- > > Developed a unit test scenario for testing the case. Used localVM to test > hbase plugin. > > > Thanks, > > Abhay Kulkarni > >