Re: Review Request 35162: RANGER-533: Hbase plugin: if user does not have family-level access to any family in a table then user may be incorrectly denied access done at table/family level during get or scan. Scan/get done at column level is working correctly, so are other operations like put and delete.

[Alok Lal]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35162/
-----------------------------------------------------------

(Updated June 5, 2015, 8:36 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
-------

Rework comments addressed:
- move access type changes to one place
- changed filter to have single return
- abstracted audit handling in authorizer and filter out of main 
loop/processing.


Bugs: RANGER-533
    https://issues.apache.org/jira/browse/RANGER-533


Repository: ranger


Description
-------

- Changed code for filter and authorizer.
- Added misc logging to some classes for ease of debuggin


Diffs (updated)
-----

  
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
 e0b652e 
  
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandler.java
 bbff6df 
  
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
 e383614 
  
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
 abf8a33 
  
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java
 ae61a1e 

Diff: https://reviews.apache.org/r/35162/diff/


Testing
-------

Testing scenario laid out in the apache JIRA.


Thanks,

Alok Lal