-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66593/
-----------------------------------------------------------
Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy.
Bugs: RANGER-2066
https://issues.apache.org/jira/browse/RANGER-2066
Repository: ranger
Description
-------
SCENARIO:
Table emp has 2 column families: personal_data(name,SSN,age) ; prof_data(role,
manager)
Column emp/prof_data/role is tagged with OFFICIAL tag.
Create following policies:
Resource policy allows Read on all tables, all column-families and all columns
and a tag policy allows Read on OFFICIAL tag to test_user.
When test_user executes "scan 'emp' " command, two audit log records are
created:
1. Resource: emp/personal_data
Name / Type: column-family
Allowed
Policy allowing: Resource based policy
2. Resource: emp/prof_data
Name / Type: column-family
Allowed
Policy allowing: TAG based policy for OFFICIAL tag
prof_data column-family should be authorized by resource policy.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
4a3a95062
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerTagAccessRequest.java
dbdcacd11
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
71c076d03
agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json
b4941cd19
agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
11f31e317
Diff: https://reviews.apache.org/r/66593/diff/1/
Testing
-------
Developed test case for this scenario. Ran all unit tests successfully
Thanks,
Abhay Kulkarni
