-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74232/
-----------------------------------------------------------
(Updated Dec. 6, 2022, 5:58 p.m.)
Review request for ranger, madhan, Madhan Neethiraj, Ramesh Mani, Sailaja
Polavarapu, and Velmurugan Periasamy.
Changes
-------
Updated with the JIRA details
Summary (updated)
-----------------
RANGER-3999: Implement more efficient way to handle _any access authorization
Bugs: RANGER-3999
https://issues.apache.org/jira/browse/RANGER-3999
Repository: ranger
Description (updated)
-------
If a user-initiated operation requires checking if more than one permission is
granted, then currently, each permission requires a call to internal Policy
Engine API for the same accessed resource. This leads to many repetitive
computations which may be avoided if the policy engine API supports multiple
permissions. In that case, optimization may be achieved by pushing
authorization for multiple permissions down to the lowest possible level.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
23db18f3a
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
520ddf865
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java
d3fc27d7d
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
df03ed1c4
Diff: https://reviews.apache.org/r/74232/diff/2/
Testing
-------
Passed all existing unit tests.
Thanks,
Abhay Kulkarni
