-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72577/
-----------------------------------------------------------
(Updated June 15, 2020, 5:47 p.m.)
Review request for ranger, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu,
and Velmurugan Periasamy.
Changes
-------
Addressed review comments.
Summary (updated)
-----------------
'show databases' gives permission denied error, even though the user has
permissions on a few of the databases in security zone policies
Bugs: RANGER-2858
https://issues.apache.org/jira/browse/RANGER-2858
Repository: ranger
Description (updated)
-------
When user has permissions on a few of the databases in security zone policies,
"show databases" command is expected to list databases on which the user has
some permission in any security zone(s). However, the command fails
authorization. Furthermore, command "use <database>" where <database> is name
of the database where user has some access in any security zone, succeeds.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
e6de06fa7
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
0930e2cf7
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdmin.java
29c3604d1
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java
1b5aa9e2d
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
1bdee86d3
Diff: https://reviews.apache.org/r/72577/diff/1/
Testing (updated)
-------
Created two security zones containing different databases with one zone having
Ranger policy to provide access to a table contained in that zone.
Verified that 'show databases' command listed correct database which allowed
some access to the contained table.
Thanks,
Abhay Kulkarni
