----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75252/#review227033 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java Line 1919 (original), 1922 (patched) <https://reviews.apache.org/r/75252/#comment315319> LOG.debug("getDataSetGrants(): no grants available in dataset(id={}), policy(id={}) for query {}", id, policies.get(0).getId(), request.getQueryString()); security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java Line 1922 (original), 1925 (patched) <https://reviews.apache.org/r/75252/#comment315318> LOG.debug("getDataSetGrants(): no policy found for dataset(id={})", id); security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java Lines 2108 (patched) <https://reviews.apache.org/r/75252/#comment315314> Consider avoiding toString().toLowerCase() by replacing #2105 - #2114 with: switch (principal.getType()) { case PrincipalType.USER: policyItem.getUsers().remove(principal.getName()); break; case PrincipalType.GROUP: policyItem.getGroups().remove(principal.getName()); break; case PrincipalType.ROLE: policyItem.getRoles().remove(principal.getName()); break; } security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java Lines 2140 (patched) <https://reviews.apache.org/r/75252/#comment315315> Consider replacing: grant.getPrincipal().getType().toString().equalsIgnoreCase(PRINCIPAL_TYPE_USER) with: grant.getPrincipal().getType() == PrincipalType.USER Similarly for GROUP and ROLE as well. security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java Lines 2158 (patched) <https://reviews.apache.org/r/75252/#comment315316> Consider replacing "principalType.equalsIgnoreCase(..)" by replacing #2154 - #2165 with: return policyItem -> { switch (principal.getType()) { case PrincipalType.USER: return policyItem.getUsers().contains(principalName) case PrincipalType.GROUP: return policyItem.getGroups().contains(principalName) case PrincipalType.ROLE: return policyItem.getRoles().contains(principalName) } return false; }; security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java Lines 2190 (patched) <https://reviews.apache.org/r/75252/#comment315317> Instead of calling toLowerCase() on every call, consider initializing PRINCIPAL_TYPE_USER/PRINCIPAL_TYPE_GROUP/PRINCIPAL_TYPE_ROLE with lower case name. - Madhan Neethiraj On Nov. 6, 2024, 8:44 p.m., Radhika Kundam wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75252/ > ----------------------------------------------------------- > > (Updated Nov. 6, 2024, 8:44 p.m.) > > > Review request for ranger, Madhan Neethiraj and Ramesh Mani. > > > Bugs: RANGER-4960 > https://issues.apache.org/jira/browse/RANGER-4960 > > > Repository: ranger > > > Description > ------- > > This Grant API introduces functionality to grant or revoke specific > permissions on datasets to external users, groups, or roles. It includes > support for defining access validity based on policy item conditions. > > Key features include: > 1. Permission Management: Enables granting and revoking access to datasets > for designated users, groups, or roles. > 2. Policy-Based Validity: Allows setting validity periods and conditions > within policy items, defining the scope and duration of access for each user, > group, or role. > > This API enhancement provides flexibility in managing dataset permissions, > improving security and control over data access. > > Attached file for Grant API UseCases. > > Detailed information about Grant API request and response attached to Jira. > > > Diffs > ----- > > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGrant.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyHeader.java > PRE-CREATION > security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java > a6c6746b3 > security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java c66429834 > > security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java > acfce5f0a > security-admin/src/test/java/org/apache/ranger/rest/TestGdsREST.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/75252/diff/4/ > > > Testing > ------- > > Tested locally. > > > File Attachments > ---------------- > > Grant API UseCases > > https://reviews.apache.org/media/uploaded/files/2024/11/06/db61e292-0942-428b-b6d9-c771336dfca0__Grant_API_UseCases.pdf > > > Thanks, > > Radhika Kundam > >
