[ 
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16436836#comment-16436836
 ] 

Abhay Kulkarni commented on RANGER-2066:
----------------------------------------

Commit details:

master:

https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=662878d2dcd1ff67642eeeceb108f38ff23036ee

> Hbase column family access is authorized by a tagged column in the column 
> family
> --------------------------------------------------------------------------------
>
>                 Key: RANGER-2066
>                 URL: https://issues.apache.org/jira/browse/RANGER-2066
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 1.0.0, master, 0.7.1
>            Reporter: Anuja Leekha
>            Assignee: Abhay Kulkarni
>            Priority: Major
>             Fix For: master, 0.7.2, 1.1.0
>
>
> SCENARIO:
> Table emp has 2 column families: personal_data(name,SSN,age) ; 
> prof_data(role, manager)
>  Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
>  Resource policy allows Read on all tables, all column-families and all 
> columns and a tag policy allows Read on OFFICIAL tag to test_user.
> When test_user executes "scan 'emp' " command, two audit log records are 
> created:
>  1. Resource: emp/personal_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: Resource based policy
> 2. Resource: emp/prof_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: TAG based policy for OFFICIAL tag
> prof_data column-family should be authorized by resource policy. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to