Review Request 74308: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 3

Abhay Kulkarni Wed, 15 Feb 2023 14:09:24 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74308/
-----------------------------------------------------------


Review request for ranger, madhan and Madhan Neethiraj.


Bugs: RANGER-3999
    https://issues.apache.org/jira/browse/RANGER-3999


Repository: ranger


Description
-------

When ANY_ACCESS is requested, the policy matching algorithm returns match if 
match-type is not NONE. However, the current check for ANY_ACCESS checks not 
only the request's access-type but also the value in the request's context. As 
the request's context's attribute ISANYACCESS may be set up for processing any 
of the multiple accesses specified in the context's ACCESSTYPES attribute, only 
request's access-type needs to be checked to determine if the policy matches.


Diffs
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
 9a0df550c 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
 a51f2322a 


Diff: https://reviews.apache.org/r/74308/diff/1/


Testing
-------

Compiles clean and passes all unit tests.


Thanks,

Abhay Kulkarni

Review Request 74308: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 3

Reply via email to