-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75047/
-----------------------------------------------------------
Review request for ranger, Dineshkumar Yadav, madhan, Madhan Neethiraj, Pradeep
Agrawal, Ramesh Mani, and Velmurugan Periasamy.
Bugs: RANGER-4820
https://issues.apache.org/jira/browse/RANGER-4820
Repository: ranger
Description
-------
Currently, Ranger policy engine supports authorization of multiple accesses for
a given resource in a single call to the Ranger plugin's isAccessAllowed() API.
However, it has some limitations which are addressed by this JIRA.
Limitation: If multiple accesses are to be authorized, then the current
authorization logic in Ranger policy engine is designed to allow the request to
succeed (that is, grant access) only if all requested accesses are granted.
This Jira supports organizing accesses in groups where each group is granted
access if any access in the group is allowed, and the request is successful
(that is, user is allowed access) only if all groups are granted access.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
b0dc7a461
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java
6a6709254
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
c43ec4c2f
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
df0352ca9
agents-common/src/test/resources/policyengine/test_policyengine_hdfs_multiple_accesses.json
8962c5a3f
hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
c892bced3
Diff: https://reviews.apache.org/r/75047/diff/1/
Testing
-------
Updated the unit tests for muliple access
(agents-common/src/test/resources/policyengine/test_policyengine_hdfs_multiple_accesses.json).
Ran all unit tests successfully.
Thanks,
Abhay Kulkarni
