[jira] [Updated] (RANGER-4697) GDS: The GDS cache is not updated when the name of a security zone is modified which is linked with a datashare

Anand Nadar (Jira) Mon, 12 Feb 2024 09:08:04 -0800


     [ 
https://issues.apache.org/jira/browse/RANGER-4697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Anand Nadar updated RANGER-4697:
--------------------------------
    Description: 
A datashare DSH-1 is created with zone1 and service1.
When the zone name is modified, then there is not gds version update. (Because 
the datshare object contains the zoneID and therefore the zone name change does 
not affect the object)
However, the GDS cache contains the security zone name. 

But this new change of zone name is not taken by the cache because the service 
specific gds version is not updated. And because of this the access enforcement 
fails for GDS policies.

To address this issue, upon modification of the zone name, the service-specific 
GDS versions for all services associated with that particular zone must be 
updated.

  was:
A datashare DSH-1 is created with zone1 and service1.
When the zone name is modified, then there is not gds version update.
This new change of zone name is not taken by the cache because the service 
specific gds version is not updated. 
And because of the access enforcement fails for GDS policies.

To address this issue, upon modification of the zone name, the service-specific 
GDS versions for all services associated with that particular zone must be 
updated.


> GDS: The GDS cache is not updated when the name of a security zone is 
> modified which is linked with a datashare
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4697
>                 URL: https://issues.apache.org/jira/browse/RANGER-4697
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>            Reporter: Anand Nadar
>            Assignee: Anand Nadar
>            Priority: Major
>
> A datashare DSH-1 is created with zone1 and service1.
> When the zone name is modified, then there is not gds version update. 
> (Because the datshare object contains the zoneID and therefore the zone name 
> change does not affect the object)
> However, the GDS cache contains the security zone name. 
> But this new change of zone name is not taken by the cache because the 
> service specific gds version is not updated. And because of this the access 
> enforcement fails for GDS policies.
> To address this issue, upon modification of the zone name, the 
> service-specific GDS versions for all services associated with that 
> particular zone must be updated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4697) GDS: The GDS cache is not updated when the name of a security zone is modified which is linked with a datashare

Reply via email to