[jira] [Updated] (RANGER-4655) Execute and read permissions granted to a user in different HDFS policies does not take effect.

Mon, 15 Jan 2024 17:11:03 -0800 


     [ 
https://issues.apache.org/jira/browse/RANGER-4655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-4655:
-----------------------------------
    Description: 
This bug is shown up when multiple accesses are requested using one 
access-request and all of the requested accesses need to be granted in order 
the access-request to be allowed.

 

This appears to be regression introduced by RANGER-3999

Test Case:

Policy 1: Granted the "public" group "execute" permission to "/" HDFS policy 
recursively.
Policy 2: Granted only the "read" permission to user for "/hdp"

Doing a list on "/hdp" fails with permission denied for access READ_EXECUTE. 
However, the same works when "execute" permission is granted in Policy 2.

  was:
This bug is shown up when multiple accesses are requested using one 
access-request and all of the requested accesses need to be granted in order 
the access-request to be allowed.

 

Test Case:

Policy 1: Granted the "public" group "execute" permission to "/" HDFS policy 
recursively.
Policy 2: Granted only the "read" permission to user for "/hdp"

Doing a list on "/hdp" fails with permission denied for access READ_EXECUTE. 
However, the same works when "execute" permission is granted in Policy 2.


> Execute and read permissions granted to a user in different HDFS policies 
> does not take effect. 
> ------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4655
>                 URL: https://issues.apache.org/jira/browse/RANGER-4655
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Abhay Kulkarni
>            Assignee: Abhay Kulkarni
>            Priority: Major
>
> This bug is shown up when multiple accesses are requested using one 
> access-request and all of the requested accesses need to be granted in order 
> the access-request to be allowed.
>  
> This appears to be regression introduced by RANGER-3999
> Test Case:
> Policy 1: Granted the "public" group "execute" permission to "/" HDFS policy 
> recursively.
> Policy 2: Granted only the "read" permission to user for "/hdp"
> Doing a list on "/hdp" fails with permission denied for access READ_EXECUTE. 
> However, the same works when "execute" permission is granted in Policy 2.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to