> On June 28, 2018, 9:16 p.m., Ramesh Mani wrote: > > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > > Lines 295 (patched) > > <https://reviews.apache.org/r/67770/diff/1/?file=2046812#file2046812line363> > > > > If I have a classification on a entity,and have policy for that > > classification, then ranger allowed to access which is fine. But other > > entities which don't have classifications has to have "_Not_Classified" > > policy in ranger in order to access, which make it that we need to have " > > _NOT_Classified" for all the resources which need access or we need to > > have "*" policy for the classification. > > Is this the intended way? I thought that entities without > > classification will be always allowed.
Yes. This is by design. This will allow users to control access to entities that are not yet classified. - Madhan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67770/#review205526 ----------------------------------------------------------- On June 29, 2018, 7:26 a.m., Madhan Neethiraj wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67770/ > ----------------------------------------------------------- > > (Updated June 29, 2018, 7:26 a.m.) > > > Review request for ranger, Abhay Kulkarni, Nixon Rodrigues, Ramesh Mani, and > Sarath Subramanian. > > > Bugs: RANGER-2143 > https://issues.apache.org/jira/browse/RANGER-2143 > > > Repository: ranger > > > Description > ------- > > - updated Atlas authorizer with addtion of scrubSearchResults() method > - updated entity-access authorization to enable authorization of entity that > don't have any classification > > > Diffs > ----- > > > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > 8d56f14f9 > > plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java > aba4b8c2e > pom.xml 07952102e > > ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > 9302bdd09 > > > Diff: https://reviews.apache.org/r/67770/diff/2/ > > > Testing > ------- > > - verified that entity-attributes and classifications in the search-result > are cleared for entities the user doesn't have read access to > - verified that authorization policy with > entity-classification=_NOT_CLASSIFIED applies for entities that don't have > any classification associated > > > Thanks, > > Madhan Neethiraj > >
