Subhrat Chaudhary created RANGER-4184:
-----------------------------------------
Summary: ABAC Expression in policy condition at policy level does
not return expected ResourceACL
Key: RANGER-4184
URL: https://issues.apache.org/jira/browse/RANGER-4184
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: Subhrat Chaudhary
Assignee: Subhrat Chaudhary
When an ABAC expression e.g. HAS_TAG('PII') is added to policy condition at
policy level, expected ResourceACLs are not returned.
Steps to reproduce:
* Create following tags for Hive:
** PII: database=testdb, table=employee, columns=name.dept
** PII_NAME: database=testdb, table=employee, columns=name
* Create a tag based policy:
** TAGS: PII
** Policy condition at policy level: HAS_TAG('PII_NAME')
* Allow policy item:
** User: joe
** Component: Hive, Permissions: Select
For both of the following resource definition in the request sent:
*
{code:java}
{ownerUser={devtest} elements={database=testdb; column=name; table=employee; }
}{code}
*
{code:java}
{ownerUser={devtest} elements={database=testdb; column=dept; table=employee; }
}{code}
The ResourceACL received is as below:
{code:java}
{UserACLs={user=joe:permissions={{Permission=Select, value=ALLOWED,
final=true},{RangerPolicyID=123},},}, GroupACLs={}, RoleACLs={}, rowFilters=[],
dataMasks=[]}, rowFilters=[], dataMasks=[]{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
