Barbara,
I suggest the following: Update sources in your local git repo to address the review comments and validate Commit the changes in your local git repo If you have multiple commits, squash them into a single commit Create a patch file with command: git format-patch origin/master Update the review with this patch file Click on drop down Update Select Update Diff Click on Select button, upload the patch file Mark the comments as Fixed/Drop; add comments where needed Hope this helps. Madhan From: "Eckman, Barbara" <[email protected]> Reply-To: <[email protected]> Date: Tuesday, July 19, 2022 at 7:36 AM To: Madhan Neethiraj <[email protected]> Cc: ranger <[email protected]> Subject: Re: [EXTERNAL] Re: Review Request 74057: Plugin for Fine-grained Access Control over nested structures I’m sorry, I’ve always done this sort of thing using github PRs…which code should I change based on your review items? My local copy, choose “fixed” on the review site, and then generate a new patch? -- Barbara Eckman, Ph.D. she/her/hers Distinguished Architect Enterprise Metadata, Lineage and Access Control Comcast From: Madhan Neethiraj <[email protected]> on behalf of Madhan Neethiraj <[email protected]> Date: Monday, July 18, 2022 at 3:01 AM To: Madhan Neethiraj <[email protected]> Cc: Eckman, Barbara <[email protected]>, ranger <[email protected]> Subject: [EXTERNAL] Re: Review Request 74057: Plugin for Fine-grained Access Control over nested structures This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74057/ plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructureAuthorizer.java (Diff revision 1) 210 RangerAccessResult accessResult = plugin.isAccessAllowed(request); This call to isAccessAllowed() would return isAllowed=true only when access is allowed for the whole schema, The intent of this method seems to return true if user has the requested access to even only of field in the schema. To address this, resource-match scope should be set as shown below: request.setResourceMatchingScope(RangerAccessRequest.ResourceMatchingScope.SELF_OR_DESCENDANTS); - Madhan Neethiraj On July 13th, 2022, 11:03 p.m. UTC, Barbara Eckman wrote: Review request for ranger and Madhan Neethiraj. By Barbara Eckman. Updated July 13, 2022, 11:03 p.m.Repository: ranger Description It would be nice to be able to do fine-grained access control (FGA) over nested structures, e.g., the JSON responses of API calls. This requires the individual attributes in a JSON object to be first-class metadata objects which can be tagged and on which policies can be written. We have built a plugin and the corresponding Apache Atlas metadata structures and tagsync-mapper to support TBAC/RBAC/ABAC FGA over JSON structures. Our instigating use case was FGA over the JSON responses of API calls, but this plugin has potential value anywhere FGA over the individual attributes of nested structures is needed, eg JSON messages read from Kafka topics. Diffs · plugin-nestedstructure/CONTRIBUTING (PRE-CREATION) · plugin-nestedstructure/LICENSE (PRE-CREATION) · plugin-nestedstructure/NOTICE (PRE-CREATION) · plugin-nestedstructure/README.md (PRE-CREATION) · plugin-nestedstructure/conf/log4j.properties (PRE-CREATION) · plugin-nestedstructure/conf/nestedstructure_servicedef.json (PRE-CREATION) · plugin-nestedstructure/conf/ranger-nestedstructure-audit.xml (PRE-CREATION) · plugin-nestedstructure/conf/ranger-nestedstructure-policymgr-ssl.xml (PRE-CREATION) · plugin-nestedstructure/conf/ranger-nestedstructure-security.xml (PRE-CREATION) · plugin-nestedstructure/pom.xml (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/AccessResult.java (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/DataMasker.java (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/ExampleClient.java (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/FieldLevelAccess.java (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/JsonManipulator.java (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/MaskTypes.java (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/MaskingException.java (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructureAccessType.java (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructureAuthorizer.java (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructure_Resource.java (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/NestedStructure_Service.java (PRE-CREATION) · plugin-nestedstructure/src/main/java/org.apache.ranger/authorization.nestedstructure.authorizer/RecordFilterJavaScript.java (PRE-CREATION) · plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestDataMasker.java (PRE-CREATION) · plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestJsonManipulator.java (PRE-CREATION) · plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestRecordFilterJavaScript.java (PRE-CREATION) · pom.xml (0945f4b1d) · tagsync/src/main/java/org/apache/ranger/tagsync/nestedstructureplugin/AtlasNestedStructureResourceMapper.java (PRE-CREATION) · tagsync/src/test/java/org/apache/ranger/tagsync/nestedstructureplugin/ResourceTests.java (PRE-CREATION) View Diff
