-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73245/
-----------------------------------------------------------
(Updated March 22, 2021, 3:53 p.m.)
Review request for ranger and Madhan Neethiraj.
Changes
-------
Updated with Apache JIRA details
Summary (updated)
-----------------
RANGER-3218: User getting denied even after having tag based policy.
Bugs: RANGER-3218
https://issues.apache.org/jira/browse/RANGER-3218
Repository: ranger
Description
-------
Steps
1.Created a database "vehicle1" with table "cars" and inserted some data into
table with hive user.
2.Tried to access "vehicle1" with user 'unixuser1' which will be denied since
policy is not there.
select * from vehicle1.cars;
3.Created a tag "tag1" in Atlas and assigned to database (vehicle1)
4.Created a unzone policy for "tag1" in cm_tag and gave permission to
"unixuser1".
5.Again tried to access the data with user 'unixuser1' but still it is getting
denied after having policy for the resource.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
9d7952028
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
df93bd55e
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
fda57f947
agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
c3d7816fa
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java
fd5b1471e
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
ec788afc8
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
838184271
security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
09d3beac2
Diff: https://reviews.apache.org/r/73245/diff/1/
Testing (updated)
-------
Passed all unit tests.
Verified that tag policy is applied correctly in the step 5 described in the
scenario in the description.
Thanks,
Abhay Kulkarni
