[jira] [Updated] (RANGER-4328) matching scope SELF_OR_PREFIX doesn't handle few wildcard cases

Fri, 11 Aug 2023 09:08:26 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-4328?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Madhan Neethiraj updated RANGER-4328:
-------------------------------------
    Description: 
RANGER-4165 introduced matching scope SELF_OR_PREFIX to support usecases like:
 * find if a user/group/role has read access in any path/file under directory 
/dept/hr/
 * find if a user/group/role has select access to any table having name that 
starts with emp_ under database name hr

SELF_OR_PREFIX scope matching needs to be updated to handle following cases 
correctly:

 
||Resource||Policy||Match Type||
|ab|*c|PREFIX|
|ab|a*c|PREFIX|
|abcd|a*c|PREFIX|
|abcd|a*c*e|PREFIX|
|abcd|b*c*e|NONE|
|/app/hive|/app/*/test.db|PREFIX|
|/app|*/hive/test.db|PREFIX|

 

 

 

  was:
RANGER-4165 introduced matching scope SELF_OR_PREFIX to support usecases like:
 * find if a user/group/role has read access in any path/file under directory 
/dept/hr/
 * find if a user/group/role has select access to any table having name that 
starts with emp_ under database name hr

SELF_OR_PREFIX scope matching needs to be updated to handle following cases 
correctly:

 
||Resource||Policy||SELF_OR_PREFIX match?||
|ab|*c|Yes|
|ab|a*c|Yes|
|abcd|a*c|Yes|
|abcd|a*c*e|Yes|
|/app/hive|/app/*/test.db|Yes|
|/app|*/hive/test.db|Yes|

 

 

 


> matching scope SELF_OR_PREFIX doesn't handle few wildcard cases
> ---------------------------------------------------------------
>
>                 Key: RANGER-4328
>                 URL: https://issues.apache.org/jira/browse/RANGER-4328
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 3.0.0
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>            Priority: Major
>             Fix For: 3.0.0
>
>         Attachments: RANGER-4328-updated-unittests.patch, RANGER-4328.patch
>
>
> RANGER-4165 introduced matching scope SELF_OR_PREFIX to support usecases like:
>  * find if a user/group/role has read access in any path/file under directory 
> /dept/hr/
>  * find if a user/group/role has select access to any table having name that 
> starts with emp_ under database name hr
> SELF_OR_PREFIX scope matching needs to be updated to handle following cases 
> correctly:
>  
> ||Resource||Policy||Match Type||
> |ab|*c|PREFIX|
> |ab|a*c|PREFIX|
> |abcd|a*c|PREFIX|
> |abcd|a*c*e|PREFIX|
> |abcd|b*c*e|NONE|
> |/app/hive|/app/*/test.db|PREFIX|
> |/app|*/hive/test.db|PREFIX|
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to