-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70629/
-----------------------------------------------------------
Review request for ranger, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin
Galave, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan
Periasamy.
Bugs: RANGER-2414
https://issues.apache.org/jira/browse/RANGER-2414
Repository: ranger
Description
-------
Current Ranger policy model supports authorization/column-masking/row-filtering
for users/user-groups based on various criteria like accessed-resource,
resource-classifications, IP-address and custom conditions. Given the
wide-spread use of role-based authorization in traditional enterprise
applications (like RDBMS, J2EE), it will be very useful for Ranger policy model
to support 'roles' i.e. to be able to specify
authorization/column-masking/row-filtering for roles as well - in addition to
existing support for users and user-groups.
This patch provides an initial implementation of support for roles in Ranger.
Diffs
-----
agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java
28db58cd9
agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
5e2c49211
agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
3111037ff
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
3cf509d7c
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerRole.java
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
990aab0c9
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
9ed500c50
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
365edcf35
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
eafbde246
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
a57b39827
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java
45231e739
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java
47b4921ad
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
5400f71c4
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java
a6e24c609
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
5a18226fe
agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
c20ccded6
agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
e22249ac6
agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
cbd2cb012
agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java
2c1de4eb8
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
e92a2e658
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
5a47ba401
agents-common/src/test/resources/policyengine/test_aclprovider_default.json
b4c4def85
agents-common/src/test/resources/policyengine/test_policyengine_with_roles.json
PRE-CREATION
hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
f204c15c0
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
bf4d6c1ea
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 769afb56a
security-admin/db/mysql/patches/041-create-role-schema.sql PRE-CREATION
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
9a9e36b09
security-admin/db/oracle/patches/041-create-role-schema.sql PRE-CREATION
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
df4201d89
security-admin/db/postgres/patches/041-create-role-schema.sql PRE-CREATION
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
a2d413743
security-admin/db/sqlanywhere/patches/041-create-role-schema.sql PRE-CREATION
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
1f3ccbf5d
security-admin/db/sqlserver/patches/041-create-role-schema.sql PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
921dc3736
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
f48a80387
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
35dc9405b
security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
039e4e8d5
security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
979fd6543
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 5d513bd8b
security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefRoleDao.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/db/XXRoleRefGroupDao.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/db/XXRoleRefRoleDao.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/db/XXRoleRefUserDao.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXPolicyRefRole.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXRole.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXRoleBase.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXRoleRefGroup.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXRoleRefRole.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/entity/XXRoleRefUser.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
734faef3a
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
3ff763c71
security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
3e1a8e1bf
security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/service/RangerRoleServiceBase.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/view/RangerRoleList.java
PRE-CREATION
security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4647b1c9
security-admin/src/main/webapp/scripts/collection_bases/VXRoleListBase.js
PRE-CREATION
security-admin/src/main/webapp/scripts/collections/VXRoleList.js PRE-CREATION
security-admin/src/main/webapp/scripts/controllers/Controller.js c4a0b58df
security-admin/src/main/webapp/scripts/model_bases/VXRoleBase.js PRE-CREATION
security-admin/src/main/webapp/scripts/models/VXRole.js PRE-CREATION
security-admin/src/main/webapp/scripts/modules/XALinks.js ab0fe7a23
security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
a9287450c
security-admin/src/main/webapp/scripts/routers/Router.js f60e03c21
security-admin/src/main/webapp/scripts/utils/XAUtils.js 18e86c9cc
security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
0c3824bad
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js
8f23e84d3
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
a1a1311aa
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js
1af54e18a
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
c18cfaa08
security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 18dba7ace
security-admin/src/main/webapp/scripts/views/users/RoleCreate.js PRE-CREATION
security-admin/src/main/webapp/scripts/views/users/RoleForm.js PRE-CREATION
security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
45b672caf
security-admin/src/main/webapp/styles/xa.css 6ae646dfc
security-admin/src/main/webapp/templates/common/TopNav_tmpl.html 22df5cb8b
security-admin/src/main/webapp/templates/policies/PermissionItem.html
d2b401d05
security-admin/src/main/webapp/templates/policies/PermissionList.html
9972d4885
security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html
e76ad21e4
security-admin/src/main/webapp/templates/users/RoleCreate_tmpl.html
PRE-CREATION
security-admin/src/main/webapp/templates/users/RoleForm_tmpl.html
PRE-CREATION
security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html
d99b3b453
security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
ac9af5eb4
Diff: https://reviews.apache.org/r/70629/diff/1/
Testing
-------
- Role CRUD
- Policy Updates to add/remove roles
- Logic to authorize access with roles
- Tracking Service versions with role updates
Thanks,
Abhay Kulkarni
