-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74744/
-----------------------------------------------------------
Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika
Kachhadiya, Prashant Satam, and Siddhesh Phatak.
Bugs: RANGER-4535
https://issues.apache.org/jira/browse/RANGER-4535
Repository: ranger
Description
-------
When the GET dataset /gds/dataset API is called, gdsPermission=LIST is passed
in query-param, available ACLs are not returned in the dataset.
It will be helpful to know, if the current dataset is accessible to public
group, in case gdsPermission=LIST is passed in query-param (which can be
eventually used by the depending applications). We can add the the ACL, in the
returned dataset (if available):
"groups": { "public": "LIST" }
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 589fcdd68
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
6c55fd029
Diff: https://reviews.apache.org/r/74744/diff/1/
Testing
-------
Following cases are validated (with gdsPermission=LIST passed in query-param)
(tested with GET /gds/dataset API):
1. Even if the calling user has higher than LIST access, same is not retruned
in ACL.
2. All the datasets where public : LIST access is given, are returned in
response.
3. When the API is called by ranger admin user, all the datasets are returned
and only public : LIST permission is available in the ACL (no other permissions
are added in the ACL, even if the user has them in the dataset).
Thanks,
Subhrat Chaudhary
