----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66599/#review201122 -----------------------------------------------------------
Ship it! Ship It! - Madhan Neethiraj On April 13, 2018, 5:36 a.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66599/ > ----------------------------------------------------------- > > (Updated April 13, 2018, 5:36 a.m.) > > > Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy. > > > Bugs: RANGER-2066 > https://issues.apache.org/jira/browse/RANGER-2066 > > > Repository: ranger > > > Description > ------- > > SCENARIO: > > Table emp has 2 column families: personal_data(name,SSN,age) ; > prof_data(role, manager) > Column emp/prof_data/role is tagged with OFFICIAL tag. > > Create following policies: > Resource policy allows Read on all tables, all column-families and all > columns and a tag policy allows Read on OFFICIAL tag to test_user. > > When test_user executes "scan 'emp' " command, two audit log records are > created: > 1. Resource: emp/personal_data > Name / Type: column-family > Allowed > Policy allowing: Resource based policy > > 2. Resource: emp/prof_data > Name / Type: column-family > Allowed > Policy allowing: TAG based policy for OFFICIAL tag > > prof_data column-family should be authorized by resource policy. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java > 415d4a499 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultDataMaskPolicyItemEvaluator.java > 349ab360b > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > ab4a9d27e > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java > 956456551 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java > cacae5a5b > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java > 7a890b8b2 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java > e4864031b > > agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json > 11f31e317 > > > Diff: https://reviews.apache.org/r/66599/diff/1/ > > > Testing > ------- > > Developed and passed unit tests. > > > Thanks, > > Abhay Kulkarni > >