----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72577/ -----------------------------------------------------------
(Updated June 15, 2020, 5:47 p.m.) Review request for ranger, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Changes ------- Addressed review comments. Summary (updated) ----------------- 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies Bugs: RANGER-2858 https://issues.apache.org/jira/browse/RANGER-2858 Repository: ranger Description (updated) ------- When user has permissions on a few of the databases in security zone policies, "show databases" command is expected to list databases on which the user has some permission in any security zone(s). However, the command fails authorization. Furthermore, command "use <database>" where <database> is name of the database where user has some access in any security zone, succeeds. Diffs ----- agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java e6de06fa7 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 0930e2cf7 security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdmin.java 29c3604d1 security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 1b5aa9e2d security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 1bdee86d3 Diff: https://reviews.apache.org/r/72577/diff/1/ Testing (updated) ------- Created two security zones containing different databases with one zone having Ranger policy to provide access to a table contained in that zone. Verified that 'show databases' command listed correct database which allowed some access to the contained table. Thanks, Abhay Kulkarni