[ https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Abhay Kulkarni updated RANGER-2066: ----------------------------------- Affects Version/s: 0.7.1 > Hbase column family access is authorized by a tagged column in the column > family > -------------------------------------------------------------------------------- > > Key: RANGER-2066 > URL: https://issues.apache.org/jira/browse/RANGER-2066 > Project: Ranger > Issue Type: Bug > Components: Ranger > Affects Versions: 1.0.0, master, 0.7.1 > Reporter: Anuja Leekha > Assignee: Abhay Kulkarni > Priority: Major > Fix For: master, 0.7.2, 1.1.0 > > > SCENARIO: > Table emp has 2 column families: personal_data(name,SSN,age) ; > prof_data(role, manager) > Column emp/prof_data/role is tagged with OFFICIAL tag. > Create following policies: > Resource policy allows Read on all tables, all column-families and all > columns and a tag policy allows Read on OFFICIAL tag to test_user. > When test_user executes "scan 'emp' " command, two audit log records are > created: > 1. Resource: emp/personal_data > Name / Type: column-family > Allowed > Policy allowing: Resource based policy > 2. Resource: emp/prof_data > Name / Type: column-family > Allowed > Policy allowing: TAG based policy for OFFICIAL tag > prof_data column-family should be authorized by resource policy. -- This message was sent by Atlassian JIRA (v7.6.3#76005)