----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70658/#review215340 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java Lines 127 (patched) <https://reviews.apache.org/r/70658/#comment302005> I don't think this needs to be included in the service def by default. If required, users can register the policy condition. - Velmurugan Periasamy On May 17, 2019, 1:21 p.m., Nikhil P wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70658/ > ----------------------------------------------------------- > > (Updated May 17, 2019, 1:21 p.m.) > > > Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, > Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-2436 > https://issues.apache.org/jira/browse/RANGER-2436 > > > Repository: ranger > > > Description > ------- > > Include a custom-condition that checks if the current cluster-name matches > one of the condition values. This will enable setting up different > authorization policies depending on the cluster from which access was > performed. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerClusterMatcher.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java > 5b66539 > > agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java > 0c078a8 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java > 45231e7 > agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json > 370ff56 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java > a54d69e > > > Diff: https://reviews.apache.org/r/70658/diff/2/ > > > Testing > ------- > > 1.Tested If cluster name condition is provided in policy/policyItem condition > then access is granted if that cluster name is given in policy condition > while setting up the policy. > 2.If condition is specified with some cluster names and the cluster from > which access request is coming is not present in condition then access is > denied. > 3.Tested for hive plugin > > > Thanks, > > Nikhil P > >
