[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family
[ https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni updated RANGER-2066: --- Fix Version/s: 1.0.1 > Hbase column family access is authorized by a tagged column in the column > family > > > Key: RANGER-2066 > URL: https://issues.apache.org/jira/browse/RANGER-2066 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0, master, 0.7.1 >Reporter: Anuja Leekha >Assignee: Abhay Kulkarni >Priority: Major > Fix For: master, 0.7.2, 1.1.0, 1.0.1 > > > SCENARIO: > Table emp has 2 column families: personal_data(name,SSN,age) ; > prof_data(role, manager) > Column emp/prof_data/role is tagged with OFFICIAL tag. > Create following policies: > Resource policy allows Read on all tables, all column-families and all > columns and a tag policy allows Read on OFFICIAL tag to test_user. > When test_user executes "scan 'emp' " command, two audit log records are > created: > 1. Resource: emp/personal_data > Name / Type: column-family > Allowed > Policy allowing: Resource based policy > 2. Resource: emp/prof_data > Name / Type: column-family > Allowed > Policy allowing: TAG based policy for OFFICIAL tag > prof_data column-family should be authorized by resource policy. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family
[ https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni updated RANGER-2066: --- Fix Version/s: 0.7.2 > Hbase column family access is authorized by a tagged column in the column > family > > > Key: RANGER-2066 > URL: https://issues.apache.org/jira/browse/RANGER-2066 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0, master, 0.7.1 >Reporter: Anuja Leekha >Assignee: Abhay Kulkarni >Priority: Major > Fix For: master, 0.7.2, 1.1.0 > > > SCENARIO: > Table emp has 2 column families: personal_data(name,SSN,age) ; > prof_data(role, manager) > Column emp/prof_data/role is tagged with OFFICIAL tag. > Create following policies: > Resource policy allows Read on all tables, all column-families and all > columns and a tag policy allows Read on OFFICIAL tag to test_user. > When test_user executes "scan 'emp' " command, two audit log records are > created: > 1. Resource: emp/personal_data > Name / Type: column-family > Allowed > Policy allowing: Resource based policy > 2. Resource: emp/prof_data > Name / Type: column-family > Allowed > Policy allowing: TAG based policy for OFFICIAL tag > prof_data column-family should be authorized by resource policy. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family
[ https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni updated RANGER-2066: --- Affects Version/s: 0.7.1 > Hbase column family access is authorized by a tagged column in the column > family > > > Key: RANGER-2066 > URL: https://issues.apache.org/jira/browse/RANGER-2066 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0, master, 0.7.1 >Reporter: Anuja Leekha >Assignee: Abhay Kulkarni >Priority: Major > Fix For: master, 0.7.2, 1.1.0 > > > SCENARIO: > Table emp has 2 column families: personal_data(name,SSN,age) ; > prof_data(role, manager) > Column emp/prof_data/role is tagged with OFFICIAL tag. > Create following policies: > Resource policy allows Read on all tables, all column-families and all > columns and a tag policy allows Read on OFFICIAL tag to test_user. > When test_user executes "scan 'emp' " command, two audit log records are > created: > 1. Resource: emp/personal_data > Name / Type: column-family > Allowed > Policy allowing: Resource based policy > 2. Resource: emp/prof_data > Name / Type: column-family > Allowed > Policy allowing: TAG based policy for OFFICIAL tag > prof_data column-family should be authorized by resource policy. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family
[ https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni updated RANGER-2066: --- Description: SCENARIO: Table emp has 2 column families: personal_data(name,SSN,age) ; prof_data(role, manager) Column emp/prof_data/role is tagged with OFFICIAL tag. Create following policies: Resource policy allows Read on all tables, all column-families and all columns and a tag policy allows Read on OFFICIAL tag to test_user. When test_user executes "scan 'emp' " command, two audit log records are created: 1. Resource: emp/personal_data Name / Type: column-family Allowed Policy allowing: Resource based policy 2. Resource: emp/prof_data Name / Type: column-family Allowed Policy allowing: TAG based policy for OFFICIAL tag prof_data column-family should be authorized by resource policy. was: ERROR SCENARIO: Table emp has 2 column families: personal_data(name,SSN,age) ; prof_data(role, manager) Column emp/prof_data/role is tagged with OFFICIAL tag. Create following policies: Resource policy allows Read on table=*, ** column-family=*,column=* and Tag policy allows Read on OFFICIAL tag for a test_user. When test_user executes 'scan emp' command, two audit log records are created: 1. Resource: emp/personal_data Name / Type: column-family Allowed Policy allowing: Resource based policy 2. Resource: emp/prof_data Name / Type: column-family Allowed Policy allowing: TAG based policy for OFFICIAL tag prof_data column-family should not be authorized by a tagged role column in it. > Hbase column family access is authorized by a tagged column in the column > family > > > Key: RANGER-2066 > URL: https://issues.apache.org/jira/browse/RANGER-2066 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0, master >Reporter: Anuja Leekha >Priority: Major > Fix For: master, 1.1.0 > > > SCENARIO: > Table emp has 2 column families: personal_data(name,SSN,age) ; > prof_data(role, manager) > Column emp/prof_data/role is tagged with OFFICIAL tag. > Create following policies: > Resource policy allows Read on all tables, all column-families and all > columns and a tag policy allows Read on OFFICIAL tag to test_user. > When test_user executes "scan 'emp' " command, two audit log records are > created: > 1. Resource: emp/personal_data > Name / Type: column-family > Allowed > Policy allowing: Resource based policy > 2. Resource: emp/prof_data > Name / Type: column-family > Allowed > Policy allowing: TAG based policy for OFFICIAL tag > prof_data column-family should be authorized by resource policy. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family
[ https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni updated RANGER-2066: --- Description: ERROR SCENARIO: Table emp has 2 column families: personal_data(name,SSN,age) ; prof_data(role, manager) Column emp/prof_data/role is tagged with OFFICIAL tag. Create following policies: Resource policy allows Read on table=*, ** column-family=*,column=* and Tag policy allows Read on OFFICIAL tag for a test_user. When test_user executes 'scan emp' command, two audit log records are created: 1. Resource: emp/personal_data Name / Type: column-family Allowed Policy allowing: Resource based policy 2. Resource: emp/prof_data Name / Type: column-family Allowed Policy allowing: TAG based policy for OFFICIAL tag prof_data column-family should not be authorized by a tagged role column in it. was: ERROR SCENARIO: Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, manager) Column emp/prof_data/role is tagged with OFFICIAL tag. Create following policies: Resource policy allows Read on table=*, column-family=*,column=* and Tag policy allows Read on OFFICIAL tag for a test_user. When test_user executes 'scan emp' command, two audit log records are created: 1. Resource: emp/personal_data Name / Type: column-family Allowed Policy allowing: Resource based policy 2. Resource: emp/prof_data Name / Type: column-family Allowed Policy allowing: TAG based policy for OFFICIAL tag prof_data column-family should not be authorized by a tagged role column in it. > Hbase column family access is authorized by a tagged column in the column > family > > > Key: RANGER-2066 > URL: https://issues.apache.org/jira/browse/RANGER-2066 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0, master >Reporter: Anuja Leekha >Priority: Major > Fix For: master, 1.1.0 > > > ERROR SCENARIO: > Table emp has 2 column families: personal_data(name,SSN,age) ; > prof_data(role, manager) > Column emp/prof_data/role is tagged with OFFICIAL tag. > Create following policies: > Resource policy allows Read on table=*, ** column-family=*,column=* and Tag > policy allows Read on OFFICIAL tag for a test_user. > When test_user executes 'scan emp' command, two audit log records are created: > 1. Resource: emp/personal_data > Name / Type: column-family > Allowed > Policy allowing: Resource based policy > 2. Resource: emp/prof_data > Name / Type: column-family > Allowed > Policy allowing: TAG based policy for OFFICIAL tag > prof_data column-family should not be authorized by a tagged role column in > it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family
[ https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni updated RANGER-2066: --- Description: ERROR SCENARIO: Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, manager) Column emp/prof_data/role is tagged with OFFICIAL tag. Create following policies: Resource policy allows Read on table=*, column-family=*,column=* and Tag policy allows Read on OFFICIAL tag for a test_user. When test_user executes 'scan emp' command, two audit log records are created: 1. Resource: emp/personal_data Name / Type: column-family Allowed Policy allowing: Resource based policy 2. Resource: emp/prof_data Name / Type: column-family Allowed Policy allowing: TAG based policy for OFFICIAL tag prof_data column-family should not be authorized by a tagged role column in it. was: ERROR SCENARIO: Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, manager) Column emp/prof_data/role is tagged with OFFICIAL tag. Create following policies: Resource policy allows Read on table=*, column-family=*,column=* and policy for tag OFFICIAL allows Read on OFFICIAL tag for a test_user. When test_user executes 'scan emp' command, two audit log records are created: 1. Resource: emp/personal_data Name / Type: column-family Allowed Policy allowing: Access based policy [Tag column shows PII] 2. Resource: emp/prof_data Name / Type: column-family Allowed Policy allowing: TAG based policy for OFFICIAL tag prof_data column-family should not be authorized by a tagged role column in it. > Hbase column family access is authorized by a tagged column in the column > family > > > Key: RANGER-2066 > URL: https://issues.apache.org/jira/browse/RANGER-2066 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0, master >Reporter: Anuja Leekha >Priority: Major > Fix For: master, 1.1.0 > > > ERROR SCENARIO: > Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, > manager) > Column emp/prof_data/role is tagged with OFFICIAL tag. > Create following policies: > Resource policy allows Read on table=*, column-family=*,column=* and Tag > policy allows Read on OFFICIAL tag for a test_user. > When test_user executes 'scan emp' command, two audit log records are created: > 1. Resource: emp/personal_data > Name / Type: column-family > Allowed > Policy allowing: Resource based policy > 2. Resource: emp/prof_data > Name / Type: column-family > Allowed > Policy allowing: TAG based policy for OFFICIAL tag > prof_data column-family should not be authorized by a tagged role column in > it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family
[ https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni updated RANGER-2066: --- Summary: Hbase column family access is authorized by a tagged column in the column family (was: Hbase column family access is authorized by a tagged column) > Hbase column family access is authorized by a tagged column in the column > family > > > Key: RANGER-2066 > URL: https://issues.apache.org/jira/browse/RANGER-2066 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0, master >Reporter: Anuja Leekha >Priority: Major > Fix For: master, 1.1.0 > > > ERROR SCENARIO: > Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, > manager) > Column emp/prof_data/role is tagged with OFFICIAL tag. > Create following policies: > Resource policy allows Read on table=*, column-family=*,column=* and policy > for tag OFFICIAL allows Read on OFFICIAL tag for a test_user. > When test_user executes 'scan emp' command, two audit log records are created: > 1. Resource: emp/personal_data > Name / Type: column-family > Allowed > Policy allowing: Access based policy [Tag column shows PII] > 2. Resource: emp/prof_data > Name / Type: column-family > Allowed > Policy allowing: TAG based policy for OFFICIAL tag > prof_data column-family should not be authorized by a tagged role column in > it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
