Re: Review Request 72053: RANGER-2712 : Revisit privileges for rangerlookup user in default policies

Wed, 29 Jan 2020 04:43:10 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72053/
-----------------------------------------------------------

(Updated Jan. 29, 2020, 12:42 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Mehul Parikh, and 
Pradeep Agrawal.


Bugs: RANGER-2712
    https://issues.apache.org/jira/browse/RANGER-2712


Repository: ranger


Description
-------

Currently rangerlookup user has expansive list of privileges. 

This Jira is to restrict that to minimum level without impacting the test 
connection/resource lookup functionality.


Diffs
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
 23f5a22 
  
hbase-agent/src/main/java/org/apache/ranger/services/hbase/RangerServiceHBase.java
 01b97ea 
  
hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/RangerServiceHdfs.java 
f89d14b 
  
hive-agent/src/main/java/org/apache/ranger/services/hive/RangerServiceHive.java 
dc6ba63 
  
knox-agent/src/main/java/org/apache/ranger/services/knox/RangerServiceKnox.java 
b72e776 
  
plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
 77a626e 
  
plugin-kafka/src/main/java/org/apache/ranger/services/kafka/RangerServiceKafka.java
 cf5da97 
  plugin-kms/src/main/java/org/apache/ranger/services/kms/RangerServiceKMS.java 
96ab449 
  
plugin-nifi-registry/src/main/java/org/apache/ranger/services/nifi/registry/RangerServiceNiFiRegistry.java
 21587c7 
  
plugin-nifi/src/main/java/org/apache/ranger/services/nifi/RangerServiceNiFi.java
 4f38f42 
  
plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java
 25bffc4 
  
plugin-solr/src/main/java/org/apache/ranger/services/solr/RangerServiceSolr.java
 6477af7 
  
plugin-yarn/src/main/java/org/apache/ranger/services/yarn/RangerServiceYarn.java
 3e9dfbc 


Diff: https://reviews.apache.org/r/72053/diff/2/


Testing
-------

For lookup user we will be restricting the premission within default policies 
of services as follow.

HDFS => Read,
Hbase => Read, Create
Hive => Read
YARN => submit-app
KNOX => allow
KAFKA => consume
ATLAS => Read-Entity


Thanks,

Dhaval Shah

Reply via email to