Dineshkumar Yadav created RANGER-5162:
-----------------------------------------
Summary: Tag Allowed policy is not being enforced
Key: RANGER-5162
URL: https://issues.apache.org/jira/browse/RANGER-5162
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: 2.6.0
Reporter: Dineshkumar Yadav
Steps to repro the issue using Docker setup
# Apply patch to create file based tag.
# Setup Ranger Docker
#
{code:java}
use below command to up ranger docker
docker-compose -f docker-compose.ranger.yml -f
docker-compose.ranger-${RANGER_DB_TYPE}.yml -f
docker-compose.ranger-usersync.yml -f docker-compose.ranger-tagsync.yml -f
docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hive.yml up -d {code}
#
{code:java}
restart tagsync docket to get file based tags into ranger
docker restart ranger-tagsync
exit
docker exec -u root -it ranger-usersync bash
groupadd finance
useradd -m finuser1 && passwd finuser1
useradd -m finuser2 && passwd finuser2
usermod -a -G finance finuser1 && usermod -a -G finance finuser2
exit{code}
#
{code:java}
get inside hive container
docker exec -u root -it ranger-hive bash
groupadd finance
useradd -m finuser1 && passwd finuser1
useradd -m finuser2 && passwd finuser2
usermod -a -G finance finuser1 && usermod -a -G finance finuser2
exit
docker exec -u hive -it ranger-hive bashbeeline -u
jdbc:hive2://localhost:10000 -n hive(command to connect beeline)
create database vehicle;
use vehicle;
create table cars(car_id int, car_name string, car_color string, car_price int);
exit
{code}
# create tag policy into Ranger using tag "TAG_1" assign all permission to
user finuser1 created in step 4
#
{code:java}
Now perform verification
docker exec -u finuser1 -it ranger-hive bashbeeline -u
jdbc:hive2://localhost:10000 -n finuser1(command to connect beeline)
select * from vehicle.cars; {code}
# step 7 access will get denied where as expected to allow by tag policy
created in steps 6
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
