[jira] [Created] (RANGER-4635) User with no access can able to replicate schema of a table using temporary table creation via "LIKE"
Kundan Kumar Jha created RANGER-4635:
---

Summary: User with no access can able to replicate schema of a table using temporary table creation via "LIKE"
Key: RANGER-4635
URL: https://issues.apache.org/jira/browse/RANGER-4635
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Kundan Kumar Jha

*PROBLEM STATEMENT:*

Users who don't have access to any resource are able to create a temporary table using a "LIKE" statement with the same schema as another table and extract schema info of a non-accessible table.

*STEPS TO REPRODUCE:*

1. Delete all the policies in Ranger.
2. Then give all access (*, *, *) to "hive" and "user_1" via a hive policy.
3. Then create a database a_db and a table a_db.a_table with this schema using user user_1:
{code:java}
+-----------+------------+----------+
| col_name  | data_type  | comment  |
+-----------+------------+----------+
| id        | int        |          |
| name      | string     |          |
+-----------+------------+----------+
{code}
4. Then kinit as user user_2 (who doesn't have access to any resource) and create a temporary table like a_db.a_table using the following cmd:
{code:java}
create temporary table temp_t like a_db.a_table;
{code}
5. Then run the following cmd to describe the temporary table temp_t:
{code:java}
desc temp_t;
{code}
output:
{code:java}
+-----------+------------+----------+
| col_name  | data_type  | comment  |
+-----------+------------+----------+
| id        | int        |          |
| name      | string     |          |
+-----------+------------+----------+
{code}

*CURRENT BEHAVIOUR:*

The temp table "temp_t" got created successfully with the same schema as "a_table", and the user user_2 with no access is able to view the schema of a non-accessible table.

*EXPECTED BEHAVIOUR:*

A user who doesn't have access to a table should not be able to create a temporary table from it using a "LIKE" query.

*OCCURRENCE:* manual testing

*IMPACT:* User can access the schema of a non-accessible table.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
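The expected behaviour in the report above, as an added sketch that is not part of the original report and is not Ranger or Hive code: a toy authorizer in which the table named after LIKE is an input object that needs access. The policy store, the function names and the `check_like_source` switch are assumptions; the switch models one way the gap could arise, since the report does not state the root cause.

```python
import re

# Constructed policy store mirroring the report's setup: only "hive" and
# "user_1" hold the (*, *, *) policy; user_2 has no policy at all.
POLICIES = {"hive": {("*", "*")}, "user_1": {("*", "*")}}

LIKE_RE = re.compile(
    r"^\s*create\s+(temporary\s+)?table\s+([\w.]+)\s+like\s+([\w.]+)\s*;?\s*$",
    re.IGNORECASE,
)

def split_name(name, current_db="default"):
    """Return (database, table) for a possibly unqualified table name."""
    db, _, tbl = name.rpartition(".")
    return (db or current_db, tbl)

def has_access(user, db, tbl):
    """True if any policy granted to the user covers db.tbl."""
    return any(p_db in ("*", db) and p_tbl in ("*", tbl)
               for p_db, p_tbl in POLICIES.get(user, ()))

def required_objects(sql, check_like_source=True):
    """List the (kind, db, table) objects the statement must be authorized on.

    check_like_source=False models the reported gap for temporary tables
    (an assumption about where a check is skipped, not Ranger's code).
    """
    m = LIKE_RE.match(sql)
    if not m:
        raise ValueError("not a CREATE TABLE ... LIKE statement")
    temporary, target, source = m.groups()
    objects = []
    if not temporary:
        # Modelling assumption: a session-scoped temporary table adds no
        # persistent output object, so only permanent targets are listed.
        objects.append(("output", *split_name(target)))
    if check_like_source or not temporary:
        # Hardened mode: the LIKE source is read for its schema, so it is
        # an input object even when the target is temporary.
        objects.append(("input", *split_name(source)))
    return objects

def authorize(user, sql, check_like_source=True):
    """Allow only if the user has access to every required object."""
    return all(has_access(user, db, tbl)
               for _, db, tbl in required_objects(sql, check_like_source))
```

With the source check skipped, the temporary-table statement has an empty object list and is allowed for any user, which matches the behaviour the report describes.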
[jira] [Assigned] (RANGER-4634) Need cascade delete for service
[ https://issues.apache.org/jira/browse/RANGER-4634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam reassigned RANGER-4634:
--

Assignee: Prashant Satam

> Need cascade delete for service
> ---
>
> Key: RANGER-4634
> URL: https://issues.apache.org/jira/browse/RANGER-4634
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
>
> Currently when we delete a service which has datashares and related
> entities (i.e. shared-resources, dataShareInDatasets) connected to it, we get
> an error while deleting the service.
> It is expected that we should be able to delete the service by cascade
> deleting the datashares and related entities connected to this service
Review Request 74821: RANGER-4634 : Need cascade delete for service
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74821/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4634
https://issues.apache.org/jira/browse/RANGER-4634

Repository: ranger

Description
---

Currently when we delete a service which has datashares and related entities (i.e. shared-resources, dataShareInDatasets) connected to it, we get an error while deleting the service.
It is expected that we should be able to delete the service by cascade deleting the datashares and related entities connected to this service

Diffs
-

security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 49386d08c

Diff: https://reviews.apache.org/r/74821/diff/1/

Testing
---

Steps to check
1) Create a resource service
2) Create a datashare and link it to the service
3) Delete this service. Now the service will be deleted and the connected datashare will be deleted

Thanks,

Prashant Satam
[jira] [Updated] (RANGER-4634) Need cascade delete for service
[ https://issues.apache.org/jira/browse/RANGER-4634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4634:
---

Description:
Currently when we delete a service which has datashares and related entities (i.e. shared-resources, dataShareInDatasets) connected to it, we get an error while deleting the service.
It is expected that we should be able to delete the service by cascade deleting the datashares and related entities connected to this service

was:
Currently when we delete a service which has datashares and related entities connected to it, we get an error while deleting the service.
It is expected that we should be able to delete the service by cascade deleting the datashares and related entities connected to this service

> Need cascade delete for service
> ---
>
> Key: RANGER-4634
> URL: https://issues.apache.org/jira/browse/RANGER-4634
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Priority: Major
>
> Currently when we delete a service which has datashares and related
> entities (i.e. shared-resources, dataShareInDatasets) connected to it, we get
> an error while deleting the service.
> It is expected that we should be able to delete the service by cascade
> deleting the datashares and related entities connected to this service
[jira] [Updated] (RANGER-4634) Need cascade delete for service
[ https://issues.apache.org/jira/browse/RANGER-4634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4634:
---

Description:
Currently when we delete a service which has datashares and related entities connected to it, we get an error while deleting the service.
It is expected that we should be able to delete the service by cascade deleting the datashares and related entities connected to this service

> Need cascade delete for service
> ---
>
> Key: RANGER-4634
> URL: https://issues.apache.org/jira/browse/RANGER-4634
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Priority: Major
>
> Currently when we delete a service which has datashares and related entities
> connected to it, we get an error while deleting the service.
> It is expected that we should be able to delete the service by cascade
> deleting the datashares and related entities connected to this service
[jira] [Created] (RANGER-4634) Need cascade delete for service
Prashant Satam created RANGER-4634:
--

Summary: Need cascade delete for service
Key: RANGER-4634
URL: https://issues.apache.org/jira/browse/RANGER-4634
Project: Ranger
Issue Type: Improvement
Components: Ranger
Reporter: Prashant Satam
Re: Review Request 74753: RANGER-4521: All records not displayed on Admin Audits UI when filtered using session ID
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74753/#review226111
---

Ship it!

Ship It!

- Dineshkumar Yadav

On Dec. 19, 2023, 9:57 a.m., Rakesh Gupta wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74753/
> ---
>
> (Updated Dec. 19, 2023, 9:57 a.m.)
>
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani,
> sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy.
>
> Bugs: RANGER-4521
> https://issues.apache.org/jira/browse/RANGER-4521
>
> Repository: ranger
>
> Description
> ---
>
> Some audit entries for keyadmin user are missing when filtered using
> sessionID or Audit Type = Ranger Policy. Also when moved to next page most
> audit entries are missing
>
> (Audits for import and export are shown, audit corresponding to policy crud
> operation is missing for keyadmin user)
>
> Diffs
> -
>
> security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java
> 9d9e0bbc0
>
> Diff: https://reviews.apache.org/r/74753/diff/5/
>
> Testing
> ---
>
> Tested All audits are displayed properly with filter and without filter for
> admin and keyadmin user.
>
> Thanks,
>
> Rakesh Gupta
[jira] [Commented] (RANGER-4444) When security-zone is deleted with force, trigger cascade delete of datashare
[ https://issues.apache.org/jira/browse/RANGER-?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804114#comment-17804114 ]

Abhishek commented on RANGER-:
--

Hi [~madhan],

In that case, whenever a security zone is deleted (from UI/API), the linked datashares will also be deleted (since the forceDelete flag is set True by default).
Should this be the expected behaviour, i.e. trigger a cascading delete of datashare whenever a security zone is deleted?

Thank you

> When security-zone is deleted with force, trigger cascade delete of datashare
> -
>
> Key: RANGER-
> URL: https://issues.apache.org/jira/browse/RANGER-
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
> Reporter: Subhrat Chaudhary
> Priority: Major
>
> When security-zone is deleted with force, trigger cascade delete of datashare
> also.
Re: [DISCUSS] merge RANGER-3923 branch into master branch
Rangers,

FYI. I will be merging RANGER-3923 branch to master on Jan-08, Monday.

Thanks,
Madhan

On 1/3/24, 2:20 PM, "Ramesh Mani" <rm...@apache.org> wrote:

+1 for merging the RANGER-3923 branch into master.

Thanks Madhan for the effort. This is a significant enhancement enabling datasets' authorization and auditing.

Regards,
Ramesh

On Tue, Jan 2, 2024 at 3:01 PM Madhan Neethiraj <mad...@apache.org> wrote:

> (apologies for the resend; earlier mail had HTML formatting which got
> lost, now sending in plain text format)
>
> Rangers,
>
> For more than a year now, Apache Ranger community has been adding
> significant enhancements in RANGER-3923 branch. These enhancements enable
> business managers to manage access to datasets, instead of having data
> owners to manage access to individual resources like tables, columns,
> files, directories.
>
> In addition, this approach offers several benefits including:
> - reduced time for users in getting access to data across multiple
>   services, with a single policy update.
> - business managers like project managers to manage access to datasets
>   instead of multiple data owners, which reduces the time taken to get access
>   to data.
> - separation of responsibilities: data owners focus on building
>   datasets, while business managers focus on managing access to datasets.
> - eliminate the need to update access policies for any changes in
>   datasets like add/remove/change resources.
>
> Apache Ranger community has built APIs and UI to manage datasets and
> access to datasets. Apache Ranger policy engine has been updated as well to
> support datasets. I propose merging these enhancements into master branch
> this week, and work towards releasing Apache Ranger 3.0 version, by next
> month. Please share your feedback.
>
> Looking forward to Apache Ranger 3.0 release!
>
> Thanks,
> Madhan
[jira] [Commented] (RANGER-4444) When security-zone is deleted with force, trigger cascade delete of datashare
[ https://issues.apache.org/jira/browse/RANGER-?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804094#comment-17804094 ]

Madhan Neethiraj commented on RANGER-:
--

[~abhishek.patil] - I suggest retaining current behavior of security-zone DELETE API; introducing {{forceDelete}} flag will result in regression for existing callers. If we are to introduce {{forceDelete}} flag, the default value should be true, to avoid regression.

> When security-zone is deleted with force, trigger cascade delete of datashare
> -
>
> Key: RANGER-
> URL: https://issues.apache.org/jira/browse/RANGER-
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
> Reporter: Subhrat Chaudhary
> Priority: Major
>
> When security-zone is deleted with force, trigger cascade delete of datashare
> also.
[jira] [Commented] (RANGER-4444) When security-zone is deleted with force, trigger cascade delete of datashare
[ https://issues.apache.org/jira/browse/RANGER-?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17803988#comment-17803988 ]

Abhishek commented on RANGER-:
--

Hi [~suchnit], [~mad...@apache.org],

Currently, the DELETE API for security zone does not use forceDelete param.
Should the forceDelete param be implemented for security zones DELETE API and then based on the value, trigger the cascading delete of the datashare as well?

Thank you

> When security-zone is deleted with force, trigger cascade delete of datashare
> -
>
> Key: RANGER-
> URL: https://issues.apache.org/jira/browse/RANGER-
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
> Reporter: Subhrat Chaudhary
> Priority: Major
>
> When security-zone is deleted with force, trigger cascade delete of datashare
> also.