Re: Review Request 74143: RANGER-3912:Ranger Policy report for a give user should fetch policies maintained for roles belonging to that user

Abhay Kulkarni Fri, 30 Sep 2022 12:22:40 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74143/#review224725
-----------------------------------------------------------





security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 4950 (patched)
<https://reviews.apache.org/r/74143/#comment313513>

    Why is the "group" parameter removed from searchFilter here, especially 
with line 4986? Please review.



security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 4989 (patched)
<https://reviews.apache.org/r/74143/#comment313512>

    Should the groupName be added to the groupNames set as well? Please review.



security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 6241 (patched)
<https://reviews.apache.org/r/74143/#comment313511>

    There is a recursive call here. If the depth of the role hierarchy is too 
deep, this may cause stack overflow. Please review to see if that is possible.



security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java
Lines 57 (patched)
<https://reviews.apache.org/r/74143/#comment313509>

    Does this function's return list include the groupName that is passed in as 
argument? Is the caller expecting that? Please review.



security-admin/src/main/resources/META-INF/jpa_named_queries.xml
Lines 293 (patched)
<https://reviews.apache.org/r/74143/#comment313510>

    This query returns only parent group of the argument groupName. Is it 
expected to find more distant ancestors too? Please review.


- Abhay Kulkarni


On Sept. 27, 2022, 7:37 p.m., Ramesh Mani wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74143/
> -----------------------------------------------------------
> 
> (Updated Sept. 27, 2022, 7:37 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3912
>     https://issues.apache.org/jira/browse/RANGER-3912
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-3912:Ranger Policy report for a give user should fetch policies 
> maintained for roles belonging to that user
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 913633600 
>   security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java 
> 21948b108 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java 35d718858 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 
> 
> 
> Diff: https://reviews.apache.org/r/74143/diff/1/
> 
> 
> Testing
> -------
> 
> Verified in local vm  API to fetch policies for give user / group / role and 
> also via Ranger UI
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

Re: Review Request 74143: RANGER-3912:Ranger Policy report for a give user should fetch policies maintained for roles belonging to that user

Reply via email to