----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66593/ -----------------------------------------------------------
Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy. Bugs: RANGER-2066 https://issues.apache.org/jira/browse/RANGER-2066 Repository: ranger Description ------- SCENARIO: Table emp has 2 column families: personal_data(name,SSN,age) ; prof_data(role, manager) Column emp/prof_data/role is tagged with OFFICIAL tag. Create following policies: Resource policy allows Read on all tables, all column-families and all columns and a tag policy allows Read on OFFICIAL tag to test_user. When test_user executes "scan 'emp' " command, two audit log records are created: 1. Resource: emp/personal_data Name / Type: column-family Allowed Policy allowing: Resource based policy 2. Resource: emp/prof_data Name / Type: column-family Allowed Policy allowing: TAG based policy for OFFICIAL tag prof_data column-family should be authorized by resource policy. Diffs ----- agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java 4a3a95062 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerTagAccessRequest.java dbdcacd11 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 71c076d03 agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json b4941cd19 agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json 11f31e317 Diff: https://reviews.apache.org/r/66593/diff/1/ Testing ------- Developed test case for this scenario. Ran all unit tests successfully Thanks, Abhay Kulkarni