-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74598/#review225739
-----------------------------------------------------------

security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
Line 251 (original), 251 (patched)
<https://reviews.apache.org/r/74598/#comment314173>

    User having only LIST permission should not be returned the entire dataset details. They should only be able to view the following fields:
     - name
     - description
     - termsOfUse


security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java
Lines 220 (patched)
<https://reviews.apache.org/r/74598/#comment314172>

    With this update, gdsPermission becomes a mandatory search filter (query-param). This shouldn't be the case. Filtering should be performed only when gdsPermission is specified.


- Madhan Neethiraj


On Sept. 12, 2023, 3:29 p.m., Subhrat Chaudhary wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74598/
> -----------------------------------------------------------
>
> (Updated Sept. 12, 2023, 3:29 p.m.)
>
>
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj,
> Monika Kachhadiya, Prashant Satam, and Siddhesh Phatak.
>
>
> Bugs: https://issues.apache.org/jira/browse/RANGER-4324
>
> https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/RANGER-4324
>
>
> Repository: ranger
>
>
> Description
> -------
>
> First patch added in RANGER-4324, support only view permission. Adding this
> patch to receive permission as query param, and return datasets based on the
> ACLs for the dataset and the permission that the logged in user has.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
> 440bb4c24
> security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> d2bd0789d
> security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
> 059954b46
> security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 653e397d4
>
>
> Diff: https://reviews.apache.org/r/74598/diff/1/
>
>
> Testing
> -------
>
> Updated API validated locally:
> 1. 3 datasets created with the user mark having ADMIN, VIEW and LIST
> permissions respectively.
> 2. Tested /service/gds/dataset with query param gdsPermission={permission}.
> 3. For gdsPermission=LIST, all 3 datasets are returned.
> 4. For gdsPermission=VIEW, all 2 datasets are returned, where the user mark
> has ADMIN or VIEW permissions.
> 5. For gdsPermission=ADMIN, only 1 dataset is returned, where the user mark
> has ADMIN permissions.
>
>
> Thanks,
>
> Subhrat Chaudhary
>
>
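
Added example, not code from the Ranger patch or from either participant: a Java sketch of the two review points in this thread, with gdsPermission treated as an optional filter and LIST-only callers receiving just name, description and termsOfUse. The Permission enum, Dataset record and the search/summaryOnly methods are hypothetical; the ordering LIST < VIEW < ADMIN is assumed from the Testing notes, and the sample data is constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

public class DatasetListingExample {
    // Hypothetical, simplified ordering (LIST < VIEW < ADMIN); not Ranger's own enum.
    enum Permission { LIST, VIEW, ADMIN }

    // Hypothetical stand-in for a dataset; 'owner' represents any detail beyond the summary.
    record Dataset(String name, String description, String termsOfUse,
                   String owner, Map<String, Permission> acl) {}

    // requested == null models a request without the gdsPermission query param.
    static List<Dataset> search(List<Dataset> all, String user, Permission requested) {
        List<Dataset> visible = new ArrayList<>();
        for (Dataset ds : all) {
            Permission granted = ds.acl().get(user);
            if (granted == null) {
                continue; // no ACL entry for this user: never returned
            }
            if (requested != null && granted.compareTo(requested) < 0) {
                continue; // filter applies only when a permission was specified
            }
            // LIST-only callers get the summary fields, not the whole object.
            visible.add(granted == Permission.LIST ? summaryOnly(ds) : ds);
        }
        return visible;
    }

    // Copies only name, description and termsOfUse; everything else is dropped.
    static Dataset summaryOnly(Dataset ds) {
        return new Dataset(ds.name(), ds.description(), ds.termsOfUse(), null, Map.of());
    }

    public static void main(String[] args) {
        // Constructed sample data mirroring the Testing notes: user "mark" with ADMIN, VIEW and LIST.
        List<Dataset> all = List.of(
            new Dataset("ds-admin", "first", "terms A", "alice", Map.of("mark", Permission.ADMIN)),
            new Dataset("ds-view", "second", "terms B", "alice", Map.of("mark", Permission.VIEW)),
            new Dataset("ds-list", "third", "terms C", "alice", Map.of("mark", Permission.LIST)),
            new Dataset("ds-other", "fourth", "terms D", "alice", Map.of("bob", Permission.ADMIN)));
        for (Permission p : Arrays.asList(null, Permission.LIST, Permission.VIEW, Permission.ADMIN)) {
            System.out.println("gdsPermission=" + p + " -> " + search(all, "mark", p));
        }
    }
}
```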
