Re: Review Request 73495: RANGER-3329: Request for _any access-type is denied only when on all access-types are denied - follow-up

Thu, 05 Aug 2021 07:32:26 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73495/#review223314
-----------------------------------------------------------




agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
Lines 97 (patched)
<https://reviews.apache.org/r/73495/#comment312406>

    'clusterType' is missed as well. Please add following line:
      setClusterType(request.getClusterType());


- Madhan Neethiraj


On Aug. 2, 2021, 5:31 a.m., Kishor Gollapalliwar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73495/
> -----------------------------------------------------------
> 
> (Updated Aug. 2, 2021, 5:31 a.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan 
> Neethiraj, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3329
>     https://issues.apache.org/jira/browse/RANGER-3329
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently a request for _any access-type is denied only if all access-types 
> in the service-def are denied by policies. Instead of this, the policy-engine 
> should deny _any access if there are no allowed accesses, and at least one of 
> the access-type is denied. This will help address following usecase:
>  - when accessTypeRestrictions is defined on a resource i.e. only a subset of 
> access-types are shown in policy-UI, it will not be possible to create 
> policies that deny all accesses. In such cases, the proposed change will 
> enable denying _any access-type with only subset of access-types denied.
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
>  3d0168a92 
> 
> 
> Diff: https://reviews.apache.org/r/73495/diff/1/
> 
> 
> Testing
> -------
> 
> maven build
> verified deny audits contains IP address (along with policy ID & version)
> 
> 
> Thanks,
> 
> Kishor Gollapalliwar
> 
>

Reply via email to