[
https://issues.apache.org/jira/browse/RANGER-4299?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj updated RANGER-4299:
-------------------------------------
Fix Version/s: 2.5.0
> Zone resource validator handling of resources at different levels
> -----------------------------------------------------------------
>
> Key: RANGER-4299
> URL: https://issues.apache.org/jira/browse/RANGER-4299
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Priority: Major
> Fix For: 3.0.0, 2.5.0
>
> Attachments: RANGER-4299.patch
>
>
> A critical requirement for security zone is to ensure that a given resource
> belongs to at most only one security zone. This works well when all zones
> have resources with the same resource hierarchy - like path, database/table,
> database/table. However, when zones contain resources with different
> hierarchies, the validation doesn't enforce above requirement. For example:
>
>
> {code:java}
> Zone1: [ { database: * } ]
> Zone2: [ { database: db1, table: tbl1 } ]
> {code}
>
> Above zones are not a valid, as table {{db1.tbl1}} belongs to both Zone1 and
> Zone2. However, zone resource validator doesn't handle this case correctly
> hence allows zones with above resources. Validation should be fixed to
> prevent zones with above resources.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
