----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71569/#review218053 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java Lines 3417 (patched) <https://reviews.apache.org/r/71569/#comment305562> - when a role is referenced in multiple policyItems, #3418 will be executed for each reference. This can be avoided - by collecting all roleNames in a Set<>, and iterating through the set. - in case of policy-update, it will be useful to avoid the call to isRoleDownloadRequired() where possible. For example, by checking if the updated policy references additional role(s) than the current policy in the DB. - in case of policy-create, it is necessary to verify if this policy refers to a role that hasn't been referenced by another policy in this service (consider tag service too) security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java Lines 3418 (patched) <https://reviews.apache.org/r/71569/#comment305563> Instead of retrieving all policy-IDs (List<Long>), it will be efficient to simply get the count: daoMgr.getXXPolicy().findRoleRefPolicyCount(): select count(*) from XXPolicy policy, XXPolicyRefRole roleRef where policy.service = :serviceId and roleRef.policyId = policy.id and roleRef.roleName = :roleName - Madhan Neethiraj On Oct. 2, 2019, 6:14 p.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71569/ > ----------------------------------------------------------- > > (Updated Oct. 2, 2019, 6:14 p.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Bugs: RANGER-2512 > https://issues.apache.org/jira/browse/RANGER-2512 > > > Repository: ranger > > > Description > ------- > > RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins > for evaluation -part2 > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java > 77648fd > security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 9d26fb5 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 85db577 > security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java > d687e73 > security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 06a4063 > > security-admin/src/main/java/org/apache/ranger/entity/XXServiceVersionInfo.java > 1d81337 > security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java d28cf3d > security-admin/src/main/resources/META-INF/jpa_named_queries.xml ab8e675 > > > Diff: https://reviews.apache.org/r/71569/diff/2/ > > > Testing > ------- > > - Addressed previous review comments > - Addressed issue with Role download to the plugin when Roles are first > create and added to new or existing policy. > > > Thanks, > > Ramesh Mani > >
