Re: Review Request 75024: RANGER-4805: Disable Atlas service under the policy permission of Tag-based policy

Wed, 17 Jul 2024 03:43:11 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75024/
-----------------------------------------------------------

(Updated July 17, 2024, 10:42 a.m.)


Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, sanket 
shelar, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Resolved merge conflict


Bugs: RANGER-4805
    https://issues.apache.org/jira/browse/RANGER-4805


Repository: ranger


Description
-------

Steps to reproduce:

Created a tag policy for a `test` classification 
Added deny permission for user `tuser`
Access entity tagged with `test` classification through `tuser` through Atlas UI


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
 ec6bc77c5 
  
agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
 5c06cd602 
  agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 
12e833b02 
  agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 
c98da315d 
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 81494bdea 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
3f01a42d1 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
27ef48c3c 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
660cc52be 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
6e445d5ab 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
 7d363c4c7 


Diff: https://reviews.apache.org/r/75024/diff/5/

Changes: https://reviews.apache.org/r/75024/diff/4-5/


Testing
-------

1)Verified that while creating or updating a Tag-based policy, the accessType 
for the Atlas service is not allowed.
2)Confirmed that the accessType for the Atlas service is not included in the 
default Tag-based policy.
3)Tested upgrade scenarios, any existing Tag-based policies have the accessType 
for the Atlas service removed and verified the serviceDef are updated with 
RangerServiceDef.options.


Thanks,

Rakesh Gupta

Reply via email to