Review Request 66107: Evaluate grantor's group membership in the plugin for grant/revoke request

Abhay Kulkarni Thu, 15 Mar 2018 16:08:10 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66107/
-----------------------------------------------------------


Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-2027
    https://issues.apache.org/jira/browse/RANGER-2027


Repository: ranger


Description
-------

Instead of computing group membership in the ranger-admin, it is better to 
compute it in the plugin using component's user identity manager and relayed to 
ranger-admin in the grant/revoke request. Ranger-Admin's user identify manager 
may be used to compute group membership only as a fallback for backward 
compatibility.


Diffs
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java
 0c5b2d80b 
  
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
 12b675b45 
  
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
 2c2a51866 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
dad8a975e 


Diff: https://reviews.apache.org/r/66107/diff/1/


Testing
-------

Passed all unit tests


Thanks,

Abhay Kulkarni

Review Request 66107: Evaluate grantor's group membership in the plugin for grant/revoke request

Reply via email to