Madhan Neethiraj created RANGER-4299:
----------------------------------------
Summary: Zone resource validator handling of resources at
different levels
Key: RANGER-4299
URL: https://issues.apache.org/jira/browse/RANGER-4299
Project: Ranger
Issue Type: Bug
Components: admin
Reporter: Madhan Neethiraj
Assignee: Madhan Neethiraj
A critical requirement for security zone is to ensure that a given resource
belongs to at most only one security zone. This works well when all zones have
resources with the same resource hierarchy - like path, database/table,
database/table. However, when zones contain resources with different
hierarchies, the validation doesn't enforce above requirement. For example:
{code:java}
Zone1: [ { database: db1 } ]
Zone2: [ { database: db1, table: tbl1 } ]
{code}
Above zones are not a valid, as table {{db1.tbl1}} belongs to both Zone1 and
Zone2. However, zone resource validator doesn't handle this case correctly
hence allows zones with above resources. Validation should be fixed to prevent
zones with above resources.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
