> On May 11, 2019, 7:10 a.m., Don Bosco Durai wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
> > Lines 944 (patched)
> > <https://reviews.apache.org/r/70629/diff/1/?file=2144531#file2144531line944>
> >
> >     Do we have a small window where the roles could be empty and it could
> > affect during multi-thread environment?

I don't think so. Are you suggesting concurrent updates to policy may lead to 
inconsistent policy state? If so, one of the transactions will be aborted when 
attempting to persist changes to database.


- Abhay


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70629/#review215198
-----------------------------------------------------------


On May 11, 2019, 1:45 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70629/
> -----------------------------------------------------------
> 
> (Updated May 11, 2019, 1:45 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin 
> Galave, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2414
>     https://issues.apache.org/jira/browse/RANGER-2414
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Current Ranger policy model supports 
> authorization/column-masking/row-filtering for users/user-groups based on 
> various criteria like accessed-resource, resource-classifications, IP-address 
> and custom conditions. Given the wide-spread use of role-based authorization 
> in traditional enterprise applications (like RDBMS, J2EE), it will be very 
> useful for Ranger policy model to support 'roles' i.e. to be able to specify 
> authorization/column-masking/row-filtering for roles as well - in addition to 
> existing support for users and user-groups.
> 
> This patch provides an initial implementation of support for roles in Ranger.
> 
> 
> Diffs
> -----
> 
>   agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java 28db58cd9
>   agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 5e2c49211
>   agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 3111037ff
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 3cf509d7c
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerRole.java PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 990aab0c9
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 9ed500c50
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 365edcf35
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java eafbde246
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java a57b39827
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 45231e739
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 47b4921ad
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 5400f71c4
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java a6e24c609
>   agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java 5a18226fe
>   agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java PRE-CREATION
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java c20ccded6
>   agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java e22249ac6
>   agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java cbd2cb012
>   agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java 2c1de4eb8
>   agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java e92a2e658
>   agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 5a47ba401
>   agents-common/src/test/resources/policyengine/test_aclprovider_default.json b4c4def85
>   agents-common/src/test/resources/policyengine/test_policyengine_with_roles.json PRE-CREATION
>   hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java f204c15c0
>   hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java bf4d6c1ea
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 769afb56a
>   security-admin/db/mysql/patches/041-create-role-schema.sql PRE-CREATION
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 9a9e36b09
>   security-admin/db/oracle/patches/041-create-role-schema.sql PRE-CREATION
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql df4201d89
>   security-admin/db/postgres/patches/041-create-role-schema.sql PRE-CREATION
>   security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql a2d413743
>   security-admin/db/sqlanywhere/patches/041-create-role-schema.sql PRE-CREATION
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 1f3ccbf5d
>   security-admin/db/sqlserver/patches/041-create-role-schema.sql PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 921dc3736
>   security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java f48a80387
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 35dc9405b
>   security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 039e4e8d5
>   security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 979fd6543
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 5d513bd8b
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefRoleDao.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleRefGroupDao.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleRefRoleDao.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleRefUserDao.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/entity/XXPolicyRefRole.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/entity/XXRole.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/entity/XXRoleBase.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/entity/XXRoleRefGroup.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/entity/XXRoleRefRole.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/entity/XXRoleRefUser.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 734faef3a
>   security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 3ff763c71
>   security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java 3e1a8e1bf
>   security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/service/RangerRoleServiceBase.java PRE-CREATION
>   security-admin/src/main/java/org/apache/ranger/view/RangerRoleList.java PRE-CREATION
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4647b1c9
>   security-admin/src/main/webapp/scripts/collection_bases/VXRoleListBase.js PRE-CREATION
>   security-admin/src/main/webapp/scripts/collections/VXRoleList.js PRE-CREATION
>   security-admin/src/main/webapp/scripts/controllers/Controller.js c4a0b58df
>   security-admin/src/main/webapp/scripts/model_bases/VXRoleBase.js PRE-CREATION
>   security-admin/src/main/webapp/scripts/models/VXRole.js PRE-CREATION
>   security-admin/src/main/webapp/scripts/modules/XALinks.js ab0fe7a23
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js a9287450c
>   security-admin/src/main/webapp/scripts/routers/Router.js f60e03c21
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js 18e86c9cc
>   security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 0c3824bad
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js 8f23e84d3
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js a1a1311aa
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js 1af54e18a
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js c18cfaa08
>   security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 18dba7ace
>   security-admin/src/main/webapp/scripts/views/users/RoleCreate.js PRE-CREATION
>   security-admin/src/main/webapp/scripts/views/users/RoleForm.js PRE-CREATION
>   security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js 45b672caf
>   security-admin/src/main/webapp/styles/xa.css 6ae646dfc
>   security-admin/src/main/webapp/templates/common/TopNav_tmpl.html 22df5cb8b
>   security-admin/src/main/webapp/templates/policies/PermissionItem.html d2b401d05
>   security-admin/src/main/webapp/templates/policies/PermissionList.html 9972d4885
>   security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html e76ad21e4
>   security-admin/src/main/webapp/templates/users/RoleCreate_tmpl.html PRE-CREATION
>   security-admin/src/main/webapp/templates/users/RoleForm_tmpl.html PRE-CREATION
>   security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html d99b3b453
>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java ac9af5eb4
> 
> 
> Diff: https://reviews.apache.org/r/70629/diff/1/
> 
> 
> Testing
> -------
> 
> - Role CRUD
> - Policy Updates to add/remove roles
> - Logic to authorize access with roles
> - Tracking Service versions with role updates
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>
