rameeshm opened a new pull request, #988: URL: https://github.com/apache/ranger/pull/988
## What changes were proposed in this pull request? getResourceACLs for a principal should consider validitySchedule of principal for ACL creation. Currently getResourceACLs returns a set of ACLs for the principal but if the principal is has a validity period which is expired, it is giving the ACLs which are there which is not correct. This scenario occurs in GDS where a principal validity period is expired and ACL still show the access given, even though there is no access. Show Privileges in RangerHiveAuthorizer uses the getResourceACLs which also result in wrong permission sets shown when the principal validity period expired. Fix will filter the getResourceACLs for the Prinicipal in RangerHiveAuthorizer if the validitySchedule is not allowing the access for the resource. ## How was this patch tested? Tested in Local VM and Unit Tests. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
