Anupam Rai created RANGER-4037:
----------------------------------
Summary: Audits are not getting generated for policy enforcement
works based on policy condition
Key: RANGER-4037
URL: https://issues.apache.org/jira/browse/RANGER-4037
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Anupam Rai
Audits are not getting generated for policy enforcement works based on policy
condition :
RangerNoneOfExpectedTagsPresentConditionEvaluator
Steps to reproduce :
- Apply policy conditions in service defs
{code:java}
"policyConditions": [
{
"itemId": 1,
"name": "all-tag-present",
"evaluator":
"org.apache.ranger.plugin.conditionevaluator.RangerTagsAllPresentConditionEvaluator",
"evaluatorOptions": {},
"label": "Tags All Present?",
"description": "Tags All Present?"
},
{
"itemId": 2,
"name": "none-of-tag-present",
"evaluator":
"org.apache.ranger.plugin.conditionevaluator.RangerNoneOfExpectedTagsPresentConditionEvaluator",
"evaluatorOptions": {},
"label": "None of Tags Present?",
"description": "None of Tags Present?"
},
{
"itemId": 3,
"name": "any-of-tag-present",
"evaluator":
"org.apache.ranger.plugin.conditionevaluator.RangerAnyOfExpectedTagsPresentConditionEvaluator",
"evaluatorOptions": {},
"label": "Any of Tags Present?",
"description": "Any of Tags Present?"
} ], {code}
Add tag based policy for with RangerNoneOfExpectedTagsPresentConditionEvaluator
tag including tag which is used to created policy and give hive access to user
Try access tag related attribute in beeline
User will be denied and policy is enforced but in audit logs denied policy wont
be available .
Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
