Re: Review Request 73094: RANGER-3122: Support delegate-admin for specific permissions

Tue, 22 Dec 2020 22:58:00 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73094/#review222376
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On Dec. 23, 2020, 5:22 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73094/
> -----------------------------------------------------------
> 
> (Updated Dec. 23, 2020, 5:22 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3122
>     https://issues.apache.org/jira/browse/RANGER-3122
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently delegate-admin cannot be marked for specific permissions. It is 
> all-or-nothing for the permissions defined in resource policy. Ranger should 
> have ability for granting delegate-admin for specific permissions.
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  d64d226a6 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java
>  bac076c29 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
>  236f99820 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  873553a60 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 
> cd6c18ba7 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdmin.java 
> 891c800fe 
>   
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 
> cd566bc34 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 802abac68 
> 
> 
> Diff: https://reviews.apache.org/r/73094/diff/4/
> 
> 
> Testing
> -------
> 
> Passes all unit tests.
> Tested in cluster with HDFS policies:
> 1. There is a delegate-admin policy giving user1 'read' permission on /tmp, 
> and another delegate-admin policy giving user1 'write' permission on /tmp/a
>      a. user1 can create policy on /tmp/b with permission 'read', but cannot 
> create policy on /tmp/c with permission 'write'
>      b. user1 can create policy on /tmp/a/d with permissions 'read' and 
> 'write' but cannot create policy on /tmp/a/e with permission 'execute'.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Reply via email to