Re: Review Request 35162: RANGER-533: Hbase plugin: if user does not have family-level access to any family in a table then user may be incorrectly denied access done at table/family level during get or scan. Scan/get done at column level is working correctly, so are other operations like put and delete.

Fri, 05 Jun 2015 22:24:01 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35162/#review86901
-----------------------------------------------------------



hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
<https://reviews.apache.org/r/35162/#comment139062>

    discardAuditEvent is outside the following loop. Earlier, 
discardMostRecentEvent() was called within the loop multiple times. Can you 
please make sure that after this refactoring, the audit-events list remains the 
same.



hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java
<https://reviews.apache.org/r/35162/#comment139063>

    The code is much easier to read. Thanks!



hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java
<https://reviews.apache.org/r/35162/#comment139064>

    When the user has family level access, I think we still have to audit the 
access to each column. Please make sure that this is done.


- Madhan Neethiraj


On June 6, 2015, 3:36 a.m., Alok Lal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/35162/
> -----------------------------------------------------------
> 
> (Updated June 6, 2015, 3:36 a.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-533
>     https://issues.apache.org/jira/browse/RANGER-533
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> - Changed code for filter and authorizer.
> - Added misc logging to some classes for ease of debuggin
> 
> 
> Diffs
> -----
> 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
>  e0b652e 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandler.java
>  bbff6df 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
>  e383614 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
>  abf8a33 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java
>  ae61a1e 
> 
> Diff: https://reviews.apache.org/r/35162/diff/
> 
> 
> Testing
> -------
> 
> Testing scenario laid out in the apache JIRA.
> 
> 
> Thanks,
> 
> Alok Lal
> 
>

Reply via email to