-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53043/
-----------------------------------------------------------
(Updated Oct. 28, 2016, 6:37 p.m.)
Review request for ranger and Madhan Neethiraj.
Changes
-------
Ensure that access-resource is valid before attempting a match.
If policy-resource matches everything, then return ANCESTOR-match.
Bugs: RANGER-1190
https://issues.apache.org/jira/browse/RANGER-1190
Repository: ranger
Description
-------
Scenario: A user has some access to a table/column in a database - exclusively
via a tag-based policy. For example: 'hr.employee.ssn' column is tagged as PII
and user has 'select' access granted on 'PII' tag. User does not have any other
access in 'hr' database.
In this scenario, 'show databases' command in beeline does not include 'hr'
database. Since the user has some access into 'hr' database, the user will
expect to see 'hr' database in the command result.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
3c342a3
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
6873554
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerServiceResourceMatcher.java
637423e
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
1a6e1b2
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagForEval.java
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
905262c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerTagAccessRequest.java
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerTagResource.java
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCachedPolicyEvaluator.java
7711765
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
899b216
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java
84aac1e
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
3b831c3
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java
00f8f9a
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
9219450
agents-common/src/test/java/org/apache/ranger/plugin/contextenricher/TestTagEnricher.java
30190ab
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
cb0af84
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceMatcher.java
PRE-CREATION
agents-common/src/test/resources/contextenricher/test_tagenricher_hive.json
317c651
agents-common/src/test/resources/policyengine/descendant_tags.json
PRE-CREATION
agents-common/src/test/resources/policyengine/test_policyengine_conditions.json
2ab2bee
agents-common/src/test/resources/policyengine/test_policyengine_descendant_tags.json
PRE-CREATION
agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json
6c9b966
agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json
fab93f6
agents-common/src/test/resources/policyengine/test_policyengine_tag_hive_filebased.json
443ee53
agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher.json
PRE-CREATION
Diff: https://reviews.apache.org/r/53043/diff/
Testing
-------
Ran unit tests successfully. Tested with hive-server2 with ranger plugin and
Ranger/TagSync/Atlas stack.
Thanks,
Abhay Kulkarni
