----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67770/#review205526 -----------------------------------------------------------
plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java Lines 295 (patched) <https://reviews.apache.org/r/67770/#comment288427> If I have a classification on a entity,and have policy for that classification, then ranger allowed to access which is fine. But other entities which don't have classifications has to have "_Not_Classified" policy in ranger in order to access, which make it that we need to have " _NOT_Classified" for all the resources which need access or we need to have "*" policy for the classification. Is this the intended way? I thought that entities without classification will be always allowed. ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java Lines 185 (patched) <https://reviews.apache.org/r/67770/#comment288422> ret is never used. Please remove this. - Ramesh Mani On June 28, 2018, 9:27 a.m., Madhan Neethiraj wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67770/ > ----------------------------------------------------------- > > (Updated June 28, 2018, 9:27 a.m.) > > > Review request for ranger, Abhay Kulkarni, Nixon Rodrigues, Ramesh Mani, and > Sarath Subramanian. > > > Bugs: RANGER-2143 > https://issues.apache.org/jira/browse/RANGER-2143 > > > Repository: ranger > > > Description > ------- > > - updated Atlas authorizer with addtion of scrubSearchResults() method > - updated entity-access authorization to enable authorization of entity that > don't have any classification > > > Diffs > ----- > > > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > 8d56f14f9 > > plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java > aba4b8c2e > pom.xml 07952102e > > ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > 9302bdd09 > > > Diff: https://reviews.apache.org/r/67770/diff/1/ > > > Testing > ------- > > - verified that entity-attributes and classifications in the search-result > are cleared for entities the user doesn't have read access to > - verified that authorization policy with > entity-classification=_NOT_CLASSIFIED applies for entities that don't have > any classification associated > > > Thanks, > > Madhan Neethiraj > >
