fateh288 opened a new pull request, #410:
URL: https://github.com/apache/ranger/pull/410

   …urceMatchingScope, support shortcircuit column auth
   
   ## What changes were proposed in this pull request?
   
   RANGER-4977: Introduced a new SELF_AND_ALL_DESCENDANTS ResourceMatchingScope 
which is now used for column family authorization, which fixes a bug in the scan 
operation wherein a denied column was also being returned in the scan 
operation. 
   
   RANGER-4670: A property/flag can be set via hbase service configs wherein 
during column level authorization, it can be used to determine if an 
authorization at column family can be used to determine if column authorization 
can be shortcircuited as an optimization (there will be audit behavior changes 
in this case). This is useful for improving performance especially for multiget 
and multiput workloads wherein thousands of columns can come in the 
authorization request and just checking column family level access can improve 
performance drastically.
   
   ## How was this patch tested?
   
   New unit test cases have been added for the policy engine for the new 
ResourceMatchingScope of SELF_AND_ALL_DESCENDANTS. 
   New test cases have also been added for hbase. The test cases cover the scan 
operation bug and also cover new unit test cases for testing correctness of 
column authorization shortcircuiting. These test cases do not work on the master 
branch currently (https://issues.apache.org/jira/browse/RANGER-4686), but I have 
verified that they work on my private fork. 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
