[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

2018-08-10 Thread Velmurugan Periasamy (JIRA) 


[ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576583#comment-16576583
 ] 

Velmurugan Periasamy edited comment on RANGER-1958 at 8/10/18 5:11 PM:
---

[~an...@apache.org] - could you please take a look at the comments on 
[https://reviews.apache.org/r/65950/] and update the patch? CC 
[~rmani]/[~abhayk] 

 

Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might 
be leveraged for this work.


was (Author: vperiasamy):
[~an...@apache.org] - could you please take a look at the comments on 
[https://reviews.apache.org/r/65950/] and update the patch? CC 
[~rmani]/[~abhayk] 

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> 
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>   public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback done) {
>   LOG.debug("getUserPermissions(): ");
>   }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases

2018-08-10 Thread Ramesh Mani (JIRA) 


[ 
https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576773#comment-16576773
 ] 

Ramesh Mani commented on RANGER-2185:
-

[~dhomme] Solution you are proposing is very invasive in policy engine and not 
recommended at all.

You may need to revisit this and see if this an can be addressed in ranger hive 
plugin.

Also when I tried this in the current version, I couldn't reproduce this and 
worked as expected, so I am not sure which version of ranger you tested this 
with.

> Hive Plugin show databases permission denied when user has access to some of 
> the databases
> --
>
> Key: RANGER-2185
> URL: https://issues.apache.org/jira/browse/RANGER-2185
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.0.0
>Reporter: dhomme
>Priority: Major
>  Labels: security
> Attachments: 
> 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch
>
>
> Add a  resource based policy to allow a user, hive, has access to the default 
> database. Then execute 'show databases;' via beeline, the user should see 
> 'default'. Instead following error is shown:
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [hive] does not have [USE] privilege on [*] 
> (state=42000,code=4)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 68286: RANGER-2186: Increment service-specific policy and tag versions after update transaction is committed

2018-08-10 Thread Abhay Kulkarni 


> On Aug. 10, 2018, 11:58 a.m., Zsombor Gegesy wrote:
> > security-admin/src/main/java/org/apache/ranger/common/db/RangerTransactionSynchronizationAdapter.java
> > Lines 122 (patched)
> > 
> >
> > Why this complicated is machinery with the thread locals and lists and 
> > registration is needed? 
> > 
> > You can easily have the same functionality - running a 'Runnable' 
> > object after a transaction finish, with just like this:
> > 
> > ```java
> > public void executeOnTransactionCommit(Runnable runnable) { 
> > TransactionSynchronizationManager.registerSynchronization(new 
> > TransactionSynchronizationAdapter() {
> > public void afterCommit() {
> >runnable.run();
> > }
> >   }
> > }
> > ```

The main purpose of the 'machinery' is to group several tasks together and 
accomplish them as one atomic unit after transaction is committed. The tasks 
themselves have only one thing in common; that they need to be all done or all 
rolled back. Such atomicity cannot be achieved with the shown code fragment.


- Abhay


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68286/#review207072
---


On Aug. 10, 2018, 12:58 a.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68286/
> ---
> 
> (Updated Aug. 10, 2018, 12:58 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2186
> https://issues.apache.org/jira/browse/RANGER-2186
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Policy updates to different policies within a service, when successful, 
> update the service's policy version. If the update transactions are 
> concurrent, and executed on different ranger-admin servers (in HA 
> configuration), then it is possible that policy-version of the transaction 
> that commits later overwrites policy-version of earlier transaction, 
> effectively losing track of the first change.
> 
> If policy-version is updated after update to policy is committed, then the 
> window of such loss is greatly reduced.
> 
> Similar considerations apply for tag updates.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
>  69ded6dc8 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 0773616f9 
>   
> security-admin/src/main/java/org/apache/ranger/common/db/RangerTransactionSynchronizationAdapter.java
>  2a62fb408 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java
>  e1003297a 
>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
> cb496ea8b 
> 
> 
> Diff: https://reviews.apache.org/r/68286/diff/1/
> 
> 
> Testing
> ---
> 
> Passed all unit tests
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

2018-08-10 Thread Velmurugan Periasamy (JIRA) 


[ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576583#comment-16576583
 ] 

Velmurugan Periasamy edited comment on RANGER-1958 at 8/10/18 5:11 PM:
---

[~an...@apache.org] - could you please take a look at the comments on 
[https://reviews.apache.org/r/65950/] and update the patch? CC 
[~rmani]/[~abhayk] 

Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might 
be leveraged for this work.


was (Author: vperiasamy):
[~an...@apache.org] - could you please take a look at the comments on 
[https://reviews.apache.org/r/65950/] and update the patch? CC 
[~rmani]/[~abhayk] 

 

Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might 
be leveraged for this work.

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> 
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>   public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback done) {
>   LOG.debug("getUserPermissions(): ");
>   }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

2018-08-10 Thread Velmurugan Periasamy (JIRA) 


[ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576583#comment-16576583
 ] 

Velmurugan Periasamy edited comment on RANGER-1958 at 8/10/18 5:16 PM:
---

[~an...@apache.org] - could you please take a look at the comments on 
[https://reviews.apache.org/r/65950/] and update the patch? CC 
[~rmani]/[~abhayk] 

-Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might 
be leveraged for this work.- Upon reading this further, this might not be 
relevant, but worth taking a look. 


was (Author: vperiasamy):
[~an...@apache.org] - could you please take a look at the comments on 
[https://reviews.apache.org/r/65950/] and update the patch? CC 
[~rmani]/[~abhayk] 

Please take a look if https://issues.apache.org/jira/browse/RANGER-2061 might 
be leveraged for this work.

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> 
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>   public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback done) {
>   LOG.debug("getUserPermissions(): ");
>   }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

2018-08-10 Thread Velmurugan Periasamy (JIRA) 


[ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576583#comment-16576583
 ] 

Velmurugan Periasamy commented on RANGER-1958:
--

[~an...@apache.org] - could you please take a look at the comments on 
[https://reviews.apache.org/r/65950/] and update the patch? CC 
[~rmani]/[~abhayk] 

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> 
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>   public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback done) {
>   LOG.debug("getUserPermissions(): ");
>   }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

2018-08-10 Thread Velmurugan Periasamy (JIRA) 


[ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576606#comment-16576606
 ] 

Velmurugan Periasamy edited comment on RANGER-1958 at 8/10/18 5:20 PM:
---

??Although the long-term solution for Ranger could be to implement the 
coprocessor hooks for Phoenix as how it has been done for HBase so that we can 
also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can not be 
supported with native HBase ACLs) along with Table and Schema.??

[~an...@apache.org] - could you file a Jira for the above? Thanks. 


was (Author: vperiasamy):
>> Although the long-term solution for Ranger could be to implement the 
>>coprocessor hooks for Phoenix as how it has been done for HBase so that we 
>>can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can 
>>not be supported with native HBase ACLs) along with Table and Schema.

[~an...@apache.org] - could you file a Jira for the above? Thanks. 

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> 
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>   public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback done) {
>   LOG.debug("getUserPermissions(): ");
>   }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

2018-08-10 Thread Velmurugan Periasamy (JIRA) 


[ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16576606#comment-16576606
 ] 

Velmurugan Periasamy commented on RANGER-1958:
--

>> Although the long-term solution for Ranger could be to implement the 
>>coprocessor hooks for Phoenix as how it has been done for HBase so that we 
>>can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs (which can 
>>not be supported with native HBase ACLs) along with Table and Schema.

[~an...@apache.org] - could you file a Jira for the above? Thanks. 

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> 
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>   public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback done) {
>   LOG.debug("getUserPermissions(): ");
>   }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 68293: RANGER-2114 : Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'content' at row 1

2018-08-10 Thread Velmurugan Periasamy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68293/#review207105
---


Ship it!




Ship It!

- Velmurugan Periasamy


On Aug. 10, 2018, 1:22 p.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68293/
> ---
> 
> (Updated Aug. 10, 2018, 1:22 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2114
> https://issues.apache.org/jira/browse/RANGER-2114
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> An attempt to delete a service definition ends with:
>  
> // Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: 
> Data too long for column 'content' at row 1
> Error Code: 1406
> Call: INSERT INTO x_data_hist (action, content, CREATE_TIME, from_time, 
> obj_class_type, obj_guid, obj_id, obj_name, to_time, UPDATE_TIME, version) 
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
> bind = [11 parameters bound]
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9d200ba 
>   security-admin/db/mysql/patches/034-x_data_histContentSize.sql PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/68293/diff/1/
> 
> 
> Testing
> ---
> 
> Tested the following
> 1.In fresh install and upgrade scenario.
> 2.Checked the data type of x_data_hist is changed from text to mediumtext.
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 68292: RANGER-2187 : External Group search fails on Ranger UI when installed with postgres

2018-08-10 Thread Velmurugan Periasamy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68292/#review207104
---


Ship it!




Ship It!

- Velmurugan Periasamy


On Aug. 10, 2018, 11:19 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68292/
> ---
> 
> (Updated Aug. 10, 2018, 11:19 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
> Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2187
> https://issues.apache.org/jira/browse/RANGER-2187
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> External Group search fails on Ranger UI when installed with postgres
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java da33968 
>   security-admin/src/main/java/org/apache/ranger/service/XGroupService.java 
> ddcd287 
>   security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java 
> de21213 
>   
> security-admin/src/test/java/org/apache/ranger/service/TestXGroupService.java 
> 85490dd 
> 
> 
> Diff: https://reviews.apache.org/r/68292/diff/1/
> 
> 
> Testing
> ---
> 
> 1.) Verified Group search filter for Group Source, syncing with UNIX, LDAP 
> and AD.
> 2.) Verifeid for oracle, mysql, ms sql, sql anywhere and posgresSQL.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 68293: RANGER-2114 : Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'content' at row 1

2018-08-10 Thread bhavik patel 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68293/#review207108
---



@fatima : I think similar changes also required for postgres database.

- bhavik patel


On Aug. 10, 2018, 1:22 p.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68293/
> ---
> 
> (Updated Aug. 10, 2018, 1:22 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2114
> https://issues.apache.org/jira/browse/RANGER-2114
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> An attempt to delete a service definition ends with:
>  
> // Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: 
> Data too long for column 'content' at row 1
> Error Code: 1406
> Call: INSERT INTO x_data_hist (action, content, CREATE_TIME, from_time, 
> obj_class_type, obj_guid, obj_id, obj_name, to_time, UPDATE_TIME, version) 
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
> bind = [11 parameters bound]
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9d200ba 
>   security-admin/db/mysql/patches/034-x_data_histContentSize.sql PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/68293/diff/1/
> 
> 
> Testing
> ---
> 
> Tested the following
> 1.In fresh install and upgrade scenario.
> 2.Checked the data type of x_data_hist is changed from text to mediumtext.
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 68288: RANGER-2177 Fix browser hangs bug

2018-08-10 Thread Qiang Zhang 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68288/#review207102
---


Ship it!




Ship It!

- Qiang Zhang


On 八月 10, 2018, 5:43 a.m., Xing Peng wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68288/
> ---
> 
> (Updated 八月 10, 2018, 5:43 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Nitin Galave, pengjianhua, 
> Ramesh Mani, Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan 
> Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-2177
> https://issues.apache.org/jira/browse/RANGER-2177
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We have found one bug while using this validation feature.
> Case :
> When we specify more than two configuration item with the same name and click 
> on save button, it shows validation popup but browser hangs after that( i 
> think some loop in code goes in infinite).
> Can you check the above case?
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/views/service/ServiceForm.js 
> 726fb5f3d 
> 
> 
> Diff: https://reviews.apache.org/r/68288/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Xing Peng
> 
>

[jira] [Updated] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases

2018-08-10 Thread dhomme (JIRA) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

dhomme updated RANGER-2185:
---
Attachment: 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch

> Hive Plugin show databases permission denied when user has access to some of 
> the databases
> --
>
> Key: RANGER-2185
> URL: https://issues.apache.org/jira/browse/RANGER-2185
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.0.0
>Reporter: dhomme
>Priority: Major
>  Labels: security
> Attachments: 
> 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch
>
>
> Add a  resource based policy to allow a user, hive, has access to the default 
> database. Then execute 'show databases;' via beeline, the user should see 
> 'default'. Instead following error is shown:
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [hive] does not have [USE] privilege on [*] 
> (state=42000,code=4)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Review Request 68290: RANGER-2185:when user has access to some of Hive databases, execute command 'show databases' will show the access databases

2018-08-10 Thread misaki mei via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68290/
---

Review request for ranger.


Bugs: RANGER-2185
https://issues.apache.org/jira/browse/RANGER-2185


Repository: ranger


Description
---

When a user execute 'show databases;' via hive, ranger hive plugin should check 
if the user has any databases to access but not all(*).


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
 2ee616a1b 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
 580048627 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceReadOnly.java
 18bb1f44f 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
 23d1efa15 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
 415263eef 
  
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
 3ed79df83 


Diff: https://reviews.apache.org/r/68290/diff/1/


Testing
---

Tesetd with local env.


Thanks,

misaki mei

[jira] [Commented] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases

2018-08-10 Thread dhomme (JIRA) 


[ 
https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16575976#comment-16575976
 ] 

dhomme commented on RANGER-2185:


Patch is available at the Review Board.

https://reviews.apache.org/r/68290/

> Hive Plugin show databases permission denied when user has access to some of 
> the databases
> --
>
> Key: RANGER-2185
> URL: https://issues.apache.org/jira/browse/RANGER-2185
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.0.0
>Reporter: dhomme
>Priority: Major
>  Labels: security
> Attachments: 
> 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch
>
>
> Add a  resource based policy to allow a user, hive, has access to the default 
> database. Then execute 'show databases;' via beeline, the user should see 
> 'default'. Instead following error is shown:
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [hive] does not have [USE] privilege on [*] 
> (state=42000,code=4)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Assign a JIRA to me

2018-08-10 Thread pengquan 
Hi,     I want to resolve the JIRA RANGER-2185 , please assign the JIRA to 
me.Thanks.
Yours.

Re: Review Request 68128: RANGER-2170:Ranger supports plugin to enable, monitor and manage Elasticsearch

2018-08-10 Thread Zsombor Gegesy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68128/#review207073
---




plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
Lines 99 (patched)


I don't get it, why this clientIPAddress is used. This is not a client IP 
address, but the current ElasticServer's address. This could confuse the users. 
Why not leaving just empty, if ES won't provide it automatically?



plugin-elasticsearch/src/main/java/org/apache/ranger/services/elasticsearch/client/ElasticsearchClient.java
Lines 139 (patched)


I guess, joptsimple.internal.Strings.EMPTY is just "". I don't think, it is 
good idea to depend on a library just for this - and this library is not 
directly included in the pom.



ranger-elasticsearch-plugin-shim/src/main/java/org/apache/ranger/authorization/elasticsearch/plugin/RangerElasticserachPlugin.java
Lines 50 (patched)


RangerElasticserachPlugin -> RangerElasticsearchPlugin



ranger-elasticsearch-plugin-shim/src/main/java/org/apache/ranger/authorization/elasticsearch/plugin/action/filter/RangerSecurityActionFilter.java
Lines 76 (patched)


Isn't it possible to get the user's IP address from action.remoteAddress()? 
I'm not too familiar with ES inner workings.



ranger-elasticsearch-plugin-shim/src/main/java/org/apache/ranger/authorization/elasticsearch/plugin/action/filter/RangerSecurityActionFilter.java
Lines 88 (patched)


Isn't it a security problem, if no user name is there, the plugin allows 
everything?


- Zsombor Gegesy


On Aug. 1, 2018, 9:27 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68128/
> ---
> 
> (Updated Aug. 1, 2018, 9:27 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2170
> https://issues.apache.org/jira/browse/RANGER-2170
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Elasticsearch is a distributed, RESTful search and analytics engine capable 
> of solving a growing number of use cases. 
> Like Apache Solr, it is also an index server based on Lucence.
> Ranger supports plugin to enable, monitor and manage Elasticsearch,
> to control index security of Elasticsearch.
> 
> As there is X-Pack plugin for the Elasticsearch, but it is not free.
> X-Pack is an Elastic Stack extension that bundles security, alerting, 
> monitoring, reporting, 
> and graph capabilities into one easy-to-install package.
> We refer to the Indices Privileges design of X-Pack,
> by keeping the permissions consistent,
> to make user use ranger Elasticsearch plugin easily.
> Reference X-Pack Indices Privileges:
> https://www.elastic.co/guide/en/x-pack/current/security-privileges.html
> 
> Here we develop Ranger Elasticsearch plugin, based on Elasticsearch version 
> 6.2.2.
> Elasticsearch 6.2.2 was released in February 20, 2018, reference 
> release-notes:
> https://www.elastic.co/guide/en/elasticsearch/reference/6.2/release-notes-6.2.2.html
> Not like other system, Elasticsearch has no basic authentication, 
> it uses X-pack plugin to support basic authentication, 
> role-based access control, SSL/TLS encryption, LDAP and so on.
> Not like X-pack, our Ranger Elasticsearch plugin is designed to do 
> authorization,
> it is to control index of Elasticsearch without authentication,
> this plugin should work with other Elasticsearch plugin to authenticate users.
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh ce0dc8c 
>   agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java 
> e654f2b 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
>  5e74da8 
>   
> agents-common/src/main/resources/service-defs/ranger-servicedef-elasticsearch.json
>  PRE-CREATION 
>   plugin-elasticsearch/.gitignore PRE-CREATION 
>   plugin-elasticsearch/conf/ranger-elasticsearch-audit-changes.cfg 
> PRE-CREATION 
>   plugin-elasticsearch/conf/ranger-elasticsearch-audit.xml PRE-CREATION 
>   plugin-elasticsearch/conf/ranger-elasticsearch-security-changes.cfg 
> PRE-CREATION 
>   plugin-elasticsearch/conf/ranger-elasticsearch-security.xml PRE-CREATION 
>   plugin-elasticsearch/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>

Review Request 68293: RANGER-2114 : Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'content' at row 1

2018-08-10 Thread Fatima Khan 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68293/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2114
https://issues.apache.org/jira/browse/RANGER-2114


Repository: ranger


Description
---

An attempt to delete a service definition ends with:
 
// Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: 
Data too long for column 'content' at row 1
Error Code: 1406
Call: INSERT INTO x_data_hist (action, content, CREATE_TIME, from_time, 
obj_class_type, obj_guid, obj_id, obj_name, to_time, UPDATE_TIME, version) 
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
bind = [11 parameters bound]


Diffs
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9d200ba 
  security-admin/db/mysql/patches/034-x_data_histContentSize.sql PRE-CREATION 


Diff: https://reviews.apache.org/r/68293/diff/1/


Testing
---

Tested the following
1.In fresh install and upgrade scenario.
2.Checked the data type of x_data_hist is changed from text to mediumtext.


Thanks,

Fatima Khan

[jira] [Updated] (RANGER-2114) Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'content' at row 1

2018-08-10 Thread Fatima Amjad Khan (JIRA) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2114:
--
Attachment: RANGER-2114.patch

> Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data 
> too long for column 'content' at row 1
> 
>
> Key: RANGER-2114
> URL: https://issues.apache.org/jira/browse/RANGER-2114
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Alexander Posledov
>Assignee: Fatima Amjad Khan
>Priority: Major
> Attachments: RANGER-2114.patch
>
>
> An attempt to delete a service definition ends with:
>  
> {code:java}
> // Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: 
> Data too long for column 'content' at row 1
> Error Code: 1406
> Call: INSERT INTO x_data_hist (action, content, CREATE_TIME, from_time, 
> obj_class_type, obj_guid, obj_id, obj_name, to_time, UPDATE_TIME, version) 
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
> bind = [11 parameters bound]
> {code}
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 68290: RANGER-2185:when user has access to some of Hive databases, execute command 'show databases' will show the access databases

2018-08-10 Thread misaki mei via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68290/
---

(Updated 八月 10, 2018, 11:06 a.m.)


Review request for ranger.


Bugs: RANGER-2185
https://issues.apache.org/jira/browse/RANGER-2185


Repository: ranger


Description
---

When a user execute 'show databases;' via hive, ranger hive plugin should check 
if the user has any databases to access but not all(*).


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
 2ee616a1b 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
 580048627 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceReadOnly.java
 18bb1f44f 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
 23d1efa15 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
 415263eef 
  
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
 3ed79df83 


Diff: https://reviews.apache.org/r/68290/diff/2/

Changes: https://reviews.apache.org/r/68290/diff/1-2/


Testing
---

Tesetd with local env.


Thanks,

misaki mei

[jira] [Updated] (RANGER-2187) External Group search fails on Ranger UI when installed with postgres

2018-08-10 Thread bhavik patel (JIRA) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

bhavik patel updated RANGER-2187:
-
Attachment: RANGER-2187.patch

> External Group search fails on Ranger UI when installed with postgres
> -
>
> Key: RANGER-2187
> URL: https://issues.apache.org/jira/browse/RANGER-2187
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.1.0
>Reporter: Mehul Parikh
>Assignee: bhavik patel
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: RANGER-2187.patch
>
>
> External Group search fails on Ranger UI when installed with postgres



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases

2018-08-10 Thread dhomme (JIRA) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

dhomme updated RANGER-2185:
---
Attachment: 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch

> Hive Plugin show databases permission denied when user has access to some of 
> the databases
> --
>
> Key: RANGER-2185
> URL: https://issues.apache.org/jira/browse/RANGER-2185
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.0.0
>Reporter: dhomme
>Priority: Major
>  Labels: security
> Attachments: 
> 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch
>
>
> Add a  resource based policy to allow a user, hive, has access to the default 
> database. Then execute 'show databases;' via beeline, the user should see 
> 'default'. Instead following error is shown:
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [hive] does not have [USE] privilege on [*] 
> (state=42000,code=4)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases

2018-08-10 Thread dhomme (JIRA) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

dhomme updated RANGER-2185:
---
Attachment: (was: 
0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch)

> Hive Plugin show databases permission denied when user has access to some of 
> the databases
> --
>
> Key: RANGER-2185
> URL: https://issues.apache.org/jira/browse/RANGER-2185
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.0.0
>Reporter: dhomme
>Priority: Major
>  Labels: security
> Attachments: 
> 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch
>
>
> Add a  resource based policy to allow a user, hive, has access to the default 
> database. Then execute 'show databases;' via beeline, the user should see 
> 'default'. Instead following error is shown:
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [hive] does not have [USE] privilege on [*] 
> (state=42000,code=4)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 68269: RANGER-2184 : Update RangerAtlas authorization to authorize add/update/remove of relationships

2018-08-10 Thread Gautam Borad 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68269/#review207070
---


Ship it!




Ship It!

- Gautam Borad


On Aug. 8, 2018, 4:47 p.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68269/
> ---
> 
> (Updated Aug. 8, 2018, 4:47 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2184
> https://issues.apache.org/jira/browse/RANGER-2184
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This patch includes update to RangerAtlas authorization to provide 
> authorization for Relationship with 
> 
> Actions : add-relationship, update-relationship, remove-relationship
> 
> 
> Diffs
> -
> 
>   
> plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
>  aa815b266 
>   
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
>  0ee262796 
>   
> ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
>  609dddb24 
> 
> 
> Diff: https://reviews.apache.org/r/68269/diff/2/
> 
> 
> Testing
> ---
> 
> Tested authorization with policies on end1 & end2 of entity-type and 
> classification.
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

[jira] [Assigned] (RANGER-2114) Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'content' at row 1

2018-08-10 Thread Fatima Amjad Khan (JIRA) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan reassigned RANGER-2114:
-

Assignee: Fatima Amjad Khan

> Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data 
> too long for column 'content' at row 1
> 
>
> Key: RANGER-2114
> URL: https://issues.apache.org/jira/browse/RANGER-2114
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Alexander Posledov
>Assignee: Fatima Amjad Khan
>Priority: Major
>
> An attempt to delete a service definition ends with:
>  
> {code:java}
> // Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: 
> Data too long for column 'content' at row 1
> Error Code: 1406
> Call: INSERT INTO x_data_hist (action, content, CREATE_TIME, from_time, 
> obj_class_type, obj_guid, obj_id, obj_name, to_time, UPDATE_TIME, version) 
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
> bind = [11 parameters bound]
> {code}
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 68290: RANGER-2185:when user has access to some of Hive databases, execute command 'show databases' will show the access databases

2018-08-10 Thread misaki mei via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68290/
---

(Updated 八月 10, 2018, 11:14 a.m.)


Review request for ranger.


Bugs: RANGER-2185
https://issues.apache.org/jira/browse/RANGER-2185


Repository: ranger


Description
---

When a user execute 'show databases;' via hive, ranger hive plugin should check 
if the user has any databases to access but not all(*).


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
 2ee616a1b 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
 580048627 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceReadOnly.java
 18bb1f44f 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
 23d1efa15 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
 415263eef 
  
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
 3ed79df83 


Diff: https://reviews.apache.org/r/68290/diff/3/

Changes: https://reviews.apache.org/r/68290/diff/2-3/


Testing
---

Tesetd with local env.


Thanks,

misaki mei

Review Request 68292: RANGER-2187 : External Group search fails on Ranger UI when installed with postgres

2018-08-10 Thread bhavik patel 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68292/
---

Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
and Velmurugan Periasamy.


Bugs: RANGER-2187
https://issues.apache.org/jira/browse/RANGER-2187


Repository: ranger


Description
---

External Group search fails on Ranger UI when installed with postgres


Diffs
-

  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java da33968 
  security-admin/src/main/java/org/apache/ranger/service/XGroupService.java 
ddcd287 
  security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java 
de21213 
  security-admin/src/test/java/org/apache/ranger/service/TestXGroupService.java 
85490dd 


Diff: https://reviews.apache.org/r/68292/diff/1/


Testing
---

1.) Verified Group search filter for Group Source, syncing with UNIX, LDAP and 
AD.
2.) Verifeid for oracle, mysql, ms sql, sql anywhere and posgresSQL.


Thanks,

bhavik patel

[jira] [Created] (RANGER-2187) External Group search fails on Ranger UI when installed with postgres

2018-08-10 Thread Mehul Parikh (JIRA) 
Mehul Parikh created RANGER-2187:


 Summary: External Group search fails on Ranger UI when installed 
with postgres
 Key: RANGER-2187
 URL: https://issues.apache.org/jira/browse/RANGER-2187
 Project: Ranger
  Issue Type: Bug
  Components: admin
Affects Versions: 1.1.0
Reporter: Mehul Parikh
Assignee: bhavik patel
 Fix For: 2.0.0


External Group search fails on Ranger UI when installed with postgres



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases

2018-08-10 Thread dhomme (JIRA) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

dhomme updated RANGER-2185:
---
Attachment: (was: 
0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch)

> Hive Plugin show databases permission denied when user has access to some of 
> the databases
> --
>
> Key: RANGER-2185
> URL: https://issues.apache.org/jira/browse/RANGER-2185
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.0.0
>Reporter: dhomme
>Priority: Major
>  Labels: security
> Attachments: 
> 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch
>
>
> Add a  resource based policy to allow a user, hive, has access to the default 
> database. Then execute 'show databases;' via beeline, the user should see 
> 'default'. Instead following error is shown:
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [hive] does not have [USE] privilege on [*] 
> (state=42000,code=4)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2185) Hive Plugin show databases permission denied when user has access to some of the databases

2018-08-10 Thread dhomme (JIRA) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

dhomme updated RANGER-2185:
---
Attachment: 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch

> Hive Plugin show databases permission denied when user has access to some of 
> the databases
> --
>
> Key: RANGER-2185
> URL: https://issues.apache.org/jira/browse/RANGER-2185
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.0.0
>Reporter: dhomme
>Priority: Major
>  Labels: security
> Attachments: 
> 0001-RANGER-2185-fix-showdatabases-permission-when-user-h.patch
>
>
> Add a  resource based policy to allow a user, hive, has access to the default 
> database. Then execute 'show databases;' via beeline, the user should see 
> 'default'. Instead following error is shown:
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [hive] does not have [USE] privilege on [*] 
> (state=42000,code=4)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 68290: RANGER-2185:when user has access to some of Hive databases, execute command 'show databases' will show the access databases

2018-08-10 Thread Zsombor Gegesy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68290/#review207069
---



I don't think, this is a good solution - Hive specific changes shoudn't be 
added to the generic plugin code.
There is already a HiveAccessType.USE, and a RangerHiveAccessRequest is created 
if hiveOpType == HiveOperationType.SHOWDATABASES. I would rather see this 
accessType added to the UI, so users can create policies with database=* and  
accessType=USE. 
 Adding unit test would be nice too.

- Zsombor Gegesy


On Aug. 10, 2018, 11:14 a.m., dhomme wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68290/
> ---
> 
> (Updated Aug. 10, 2018, 11:14 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-2185
> https://issues.apache.org/jira/browse/RANGER-2185
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When a user execute 'show databases;' via hive, ranger hive plugin should 
> check if the user has any databases to access but not all(*).
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
>  2ee616a1b 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
>  580048627 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceReadOnly.java
>  18bb1f44f 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
>  23d1efa15 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
>  415263eef 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
>  3ed79df83 
> 
> 
> Diff: https://reviews.apache.org/r/68290/diff/3/
> 
> 
> Testing
> ---
> 
> Tesetd with local env.
> 
> 
> Thanks,
> 
> dhomme
> 
>

Re: Review Request 68288: RANGER-2177 Fix browser hangs bug

2018-08-10 Thread Zsombor Gegesy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68288/#review207071
---


Ship it!




Ship It!

- Zsombor Gegesy


On Aug. 10, 2018, 5:43 a.m., Xing Peng wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68288/
> ---
> 
> (Updated Aug. 10, 2018, 5:43 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Nitin Galave, pengjianhua, 
> Ramesh Mani, Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan 
> Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-2177
> https://issues.apache.org/jira/browse/RANGER-2177
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We have found one bug while using this validation feature.
> Case :
> When we specify more than two configuration item with the same name and click 
> on save button, it shows validation popup but browser hangs after that( i 
> think some loop in code goes in infinite).
> Can you check the above case?
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/views/service/ServiceForm.js 
> 726fb5f3d 
> 
> 
> Diff: https://reviews.apache.org/r/68288/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Xing Peng
> 
>

Re: Review Request 68286: RANGER-2186: Increment service-specific policy and tag versions after update transaction is committed

2018-08-10 Thread Zsombor Gegesy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68286/#review207072
---




security-admin/src/main/java/org/apache/ranger/common/db/RangerTransactionSynchronizationAdapter.java
Lines 122 (patched)


Why this complicated is machinery with the thread locals and lists and 
registration is needed? 

You can easily have the same functionality - running a 'Runnable' object 
after a transaction finish, with just like this:

```java
public void executeOnTransactionCommit(Runnable runnable) { 
TransactionSynchronizationManager.registerSynchronization(new 
TransactionSynchronizationAdapter() {
public void afterCommit() {
   runnable.run();
}
  }
}
```


- Zsombor Gegesy


On Aug. 10, 2018, 12:58 a.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68286/
> ---
> 
> (Updated Aug. 10, 2018, 12:58 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2186
> https://issues.apache.org/jira/browse/RANGER-2186
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Policy updates to different policies within a service, when successful, 
> update the service's policy version. If the update transactions are 
> concurrent, and executed on different ranger-admin servers (in HA 
> configuration), then it is possible that policy-version of the transaction 
> that commits later overwrites policy-version of earlier transaction, 
> effectively losing track of the first change.
> 
> If policy-version is updated after update to policy is committed, then the 
> window of such loss is greatly reduced.
> 
> Similar considerations apply for tag updates.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
>  69ded6dc8 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 0773616f9 
>   
> security-admin/src/main/java/org/apache/ranger/common/db/RangerTransactionSynchronizationAdapter.java
>  2a62fb408 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXServiceVersionInfoDao.java
>  e1003297a 
>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
> cb496ea8b 
> 
> 
> Diff: https://reviews.apache.org/r/68286/diff/1/
> 
> 
> Testing
> ---
> 
> Passed all unit tests
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>