----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/32552/#review78065 -----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java <https://reviews.apache.org/r/32552/#comment126462> Instead of using policy, please use matchers. agents-common/src/test/resources/policyengine/test_policyengine_hive.json <https://reviews.apache.org/r/32552/#comment126464> Update "requestData" field with the appropriate query string - like 'show columns in table1 from db1;' This will help understand the usecase better. Please review other tests as well. hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java <https://reviews.apache.org/r/32552/#comment126471> This method duplicates much of existing logAudit() method; consider reusing exisitng method, after necessary refactoring. hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java <https://reviews.apache.org/r/32552/#comment126472> The method seems to be dealing with only 'meta' operations. To make the intent clear, it will be good to rename this method to something like getAccessTypeForMetaOperation() - similar to RangerHiveAuthorizer.isMetaDataOperation(). hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java <https://reviews.apache.org/r/32552/#comment126475> initialziation of 'ret' can be moved up, before the for() loop; and this null check can be avoided in the loop. hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java <https://reviews.apache.org/r/32552/#comment126479> actionType is not used in this method. Also all parameters can be derived from parameters can be HivePrivilegeObject. So it might be cleaner to just pass HivePrivilegeObject to this method. - Madhan Neethiraj On March 26, 2015, 10:34 p.m., Alok Lal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/32552/ > ----------------------------------------------------------- > > (Updated March 26, 2015, 10:34 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-238 > https://issues.apache.org/jira/browse/RANGER-238 > > > Repository: ranger > > > Description > ------- > > Filter Hive database and table listing based on permissions > > Some additional changes submitted as part of the above > - Fixed a problem with "any" access logic. New tests were added to validate > this functionality. > - Removed explicit groupid of child projects. > - Removed redefinition depedencies version if specified in parent pom. > - Added generated code directory to .gitignore. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > d5332b2 > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java > b4175e2 > agents-common/src/test/resources/policyengine/test_policyengine_hive.json > 2ac90ae > hbase-agent/pom.xml 5c74b94 > hdfs-agent/pom.xml 6ebf633 > hive-agent/pom.xml 1c556db > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java > 39f5773 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java > 7110861 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > 72e6652 > ranger-util/.gitignore ffdf566 > ranger_solrj/pom.xml 1924e87 > ugsync/pom.xml aee6e7a > unixauthclient/pom.xml b296d33 > unixauthservice/pom.xml 920b2cd > > Diff: https://reviews.apache.org/r/32552/diff/ > > > Testing > ------- > > System tests to follow in another patch. > > > Thanks, > > Alok Lal > >
