-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73212/#review222828
-----------------------------------------------------------


security-admin/src/main/java/org/apache/ranger/patch/PatchAtlasForClassificationResource_J10047.java
Lines 239 (patched)
<https://reviews.apache.org/r/73212/#comment312005>

Existing policy might be disabled; #239 will enable the copied policy. This is not desired. Please remove #239.


security-admin/src/main/java/org/apache/ranger/patch/PatchAtlasForClassificationResource_J10047.java
Lines 251 (patched)
<https://reviews.apache.org/r/73212/#comment312006>

- isEntityClassificationResourceExist() => isEntityResource()
- this method should match only for policy-resource having hierarchy entity-type/entity-classification/entity. Current logic will match for following hierarchies as well:
  -- entity-type/entity-classification/entity/entity-label
  -- entity-type/entity-classification/entity/entity-business-metadata

I suggest surrounding the 'for' loop at #253 with following 'if':
  if (xPolResMap.size() == ATLAS_RESOURCE_ENTITY.size()) {
    ..
  }


- Madhan Neethiraj


On April 14, 2021, 1:04 p.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73212/
> -----------------------------------------------------------
>
> (Updated April 14, 2021, 1:04 p.m.)
>
>
> Review request for ranger, Jayendra Parab, Madhan Neethiraj, Ramesh Mani,
> Sarath Subramanian, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3195
>     https://issues.apache.org/jira/browse/RANGER-3195
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Requirement :- The new requirement is to provide a way to authorize who can
> Add/Remove/Update Classification for an entity even if the entities on which
> classification have to be applied do not have classifications already tagged
> to it.
>
> Solution:-
>
>
> This will require changes on Ranger Atlas service definition to introduce a
> new resource "*classifications*" in entity authz model called classifications
> at level 40 [4th level], with the new classifications resource ranger
> authorizer will check the classification exist in policy for that
> add/update/remove classification request to authorize.
>
>
> Diffs
> -----
>
>   agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 4ce7ec991
>   plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 79ef60465
>   plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java c13633ad2
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 7179dc998
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 40917cdf4
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql ba9eb0157
>   security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 371846f1e
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 90004ec77
>   security-admin/src/main/java/org/apache/ranger/patch/PatchAtlasForClassificationResource_J10047.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/73212/diff/6/
>
>
> Testing
> -------
>
> Tested Atlas with Ranger authorization with entities for add, update,
> add-classification, remove-classification, update-classification events.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
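
The hierarchy-matching point raised in the review comment on line 251, as an added example (not code from the patch under review or from Ranger): it compares a presence-only check with the size-guarded check over the three hierarchies named in the comment. The class name, `matchesLoosely`, and the `policy` helper are hypothetical; the contents of `ATLAS_RESOURCE_ENTITY` and the presence-only form of the existing logic are assumptions, since the patch body is not shown here.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class EntityResourceMatchExample {
    // Assumed contents, taken from the hierarchy named in the review comment.
    static final List<String> ATLAS_RESOURCE_ENTITY =
            Arrays.asList("entity-type", "entity-classification", "entity");

    // Presence-only check (assumed stand-in for the logic under review): true
    // even when the policy also carries deeper resources such as entity-label.
    static boolean matchesLoosely(Map<String, ?> xPolResMap) {
        for (String name : ATLAS_RESOURCE_ENTITY) {
            if (!xPolResMap.containsKey(name)) {
                return false;
            }
        }
        return true;
    }

    // Size guard suggested in the review: a policy-resource map with more or
    // fewer keys than the entity hierarchy is not an entity resource.
    static boolean isEntityResource(Map<String, ?> xPolResMap) {
        return xPolResMap.size() == ATLAS_RESOURCE_ENTITY.size() && matchesLoosely(xPolResMap);
    }

    // Constructed sample policy resources; the "*" values are placeholders.
    static Map<String, String> policy(String... names) {
        Map<String, String> m = new LinkedHashMap<>();
        for (String n : names) {
            m.put(n, "*");
        }
        return m;
    }

    public static void main(String[] args) {
        List<Map<String, String>> samples = Arrays.asList(
                policy("entity-type", "entity-classification", "entity"),
                policy("entity-type", "entity-classification", "entity", "entity-label"),
                policy("entity-type", "entity-classification", "entity", "entity-business-metadata"));
        for (Map<String, String> p : samples) {
            System.out.println(p.keySet() + " loose=" + matchesLoosely(p)
                    + " strict=" + isEntityResource(p));
        }
    }
}
```

Without the guard, a migration patch that rewrites every matching policy would also touch the entity-label and entity-business-metadata policies, changing authorization rules the migration was never meant to modify.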
