----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/35552/#review88288 -----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java (line 55) <https://reviews.apache.org/r/35552/#comment140732> How is SELF_OR_CHILDREN different from SELF_OR_DESCENDANTS? Is it about the depth of the child nodes? If yes, please review use of the scope in RnagerDefaultPolicyEvaluator - to make sure taht attemptHeadMatch is set to true for both these values.. If SELF_OR_CHILDREN is not used, perhaps it will be simple to just remove it. - Madhan Neethiraj On June 17, 2015, 7:55 p.m., Alok Lal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/35552/ > ----------------------------------------------------------- > > (Updated June 17, 2015, 7:55 p.m.) > > > Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. > > > Bugs: RANGER-558 > https://issues.apache.org/jira/browse/RANGER-558 > > > Repository: ranger > > > Description > ------- > > Hbase plugin: unless user has READ access at some level under the > table/family being accessed (via scan/get) authorizer should throw an > exception and audit > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java > 82a18fc > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java > e1326ea > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > 030cd87 > > Diff: https://reviews.apache.org/r/35552/diff/ > > > Testing > ------- > > Manual testing at table/family for scan/get/put/delete. > > > Thanks, > > Alok Lal > >
