> On Jan. 11, 2021, 7:09 p.m., Madhan Neethiraj wrote:
> > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
> > Lines 1111 (patched)
> > <https://reviews.apache.org/r/73129/diff/1/?file=2244085#file2244085line1111>
> >
> >     Does '2' mean NOT_DETERMINED? Shouldn't the result be known at this 
> > point - even if it's using HDFS ACLs (fallback)?

When setOwner is authorized by a policy in Ranger, we generate an allow audit, but 
in hdfs it fails because the user is not superUser. When access is denied for 
setOwner in Ranger then also at the hdfs end it fails with the superUser check, so 
to be consistent on the audit side the accessResult is set to NOT_DETERMINED.


- Ramesh


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73129/#review222432
-----------------------------------------------------------


On Jan. 12, 2021, 10 p.m., Ramesh Mani wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73129/
> -----------------------------------------------------------
> 
> (Updated Jan. 12, 2021, 10 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, 
> Mehul Parikh, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-3148
>     https://issues.apache.org/jira/browse/RANGER-3148
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-3148:Ranger auditing not happening for hdfs chown and chmod operations
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/authorization/hadoop/constants/RangerHadoopConstants.java 31e4c0f4e
>   hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java 63e84728d
> 
> 
> Diff: https://reviews.apache.org/r/73129/diff/2/
> 
> 
> Testing
> -------
> 
> - Verified in local vm for auditing.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>
