[
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16436818#comment-16436818
]
Abhay Kulkarni edited comment on RANGER-2066 at 4/13/18 7:19 PM:
-----------------------------------------------------------------
Patch is available at the review board:
master:
[https://reviews.apache.org/r/66588/]
ranger-1.0:
https://reviews.apache.org/r/66599/
ranger-0.7:
https://reviews.apache.org/r/66593/
was (Author: abhayk):
Patch is available at the review board:
https://reviews.apache.org/r/66588/
> Hbase column family access is authorized by a tagged column in the column
> family
> --------------------------------------------------------------------------------
>
> Key: RANGER-2066
> URL: https://issues.apache.org/jira/browse/RANGER-2066
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.0.0, master, 0.7.1
> Reporter: Anuja Leekha
> Assignee: Abhay Kulkarni
> Priority: Major
> Fix For: master, 0.7.2, 1.1.0, 1.0.1
>
>
> SCENARIO:
> Table emp has 2 column families: personal_data(name,SSN,age) ;
> prof_data(role, manager)
> Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
> Resource policy allows Read on all tables, all column-families and all
> columns and a tag policy allows Read on OFFICIAL tag to test_user.
> When test_user executes "scan 'emp' " command, two audit log records are
> created:
> 1. Resource: emp/personal_data
> Name / Type: column-family
> Allowed
> Policy allowing: Resource based policy
> 2. Resource: emp/prof_data
> Name / Type: column-family
> Allowed
> Policy allowing: TAG based policy for OFFICIAL tag
> prof_data column-family should be authorized by resource policy.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
