-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70629/
-----------------------------------------------------------

Review request for ranger, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2414
    https://issues.apache.org/jira/browse/RANGER-2414


Repository: ranger


Description
-------

Current Ranger policy model supports authorization/column-masking/row-filtering for users/user-groups based on various criteria like accessed-resource, resource-classifications, IP-address and custom conditions. Given the wide-spread use of role-based authorization in traditional enterprise applications (like RDBMS, J2EE), it will be very useful for Ranger policy model to support 'roles' i.e. to be able to specify authorization/column-masking/row-filtering for roles as well - in addition to existing support for users and user-groups.

This patch provides an initial implementation of support for roles in Ranger.


Diffs
-----

  agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java 28db58cd9
  agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 5e2c49211
  agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 3111037ff
  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 3cf509d7c
  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerRole.java PRE-CREATION
  agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 990aab0c9
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 9ed500c50
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 365edcf35
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java eafbde246
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java a57b39827
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java 45231e739
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 47b4921ad
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 5400f71c4
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java a6e24c609
  agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java 5a18226fe
  agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java PRE-CREATION
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java c20ccded6
  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java e22249ac6
  agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java cbd2cb012
  agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java 2c1de4eb8
  agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java e92a2e658
  agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 5a47ba401
  agents-common/src/test/resources/policyengine/test_aclprovider_default.json b4c4def85
  agents-common/src/test/resources/policyengine/test_policyengine_with_roles.json PRE-CREATION
  hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java f204c15c0
  hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java bf4d6c1ea
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 769afb56a
  security-admin/db/mysql/patches/041-create-role-schema.sql PRE-CREATION
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 9a9e36b09
  security-admin/db/oracle/patches/041-create-role-schema.sql PRE-CREATION
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql df4201d89
  security-admin/db/postgres/patches/041-create-role-schema.sql PRE-CREATION
  security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql a2d413743
  security-admin/db/sqlanywhere/patches/041-create-role-schema.sql PRE-CREATION
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 1f3ccbf5d
  security-admin/db/sqlserver/patches/041-create-role-schema.sql PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 921dc3736
  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java f48a80387
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 35dc9405b
  security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 039e4e8d5
  security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 979fd6543
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 5d513bd8b
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefRoleDao.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/db/XXRoleRefGroupDao.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/db/XXRoleRefRoleDao.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/db/XXRoleRefUserDao.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/entity/XXPolicyRefRole.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/entity/XXRole.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/entity/XXRoleBase.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/entity/XXRoleRefGroup.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/entity/XXRoleRefRole.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/entity/XXRoleRefUser.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 734faef3a
  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 3ff763c71
  security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java 3e1a8e1bf
  security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/service/RangerRoleServiceBase.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/view/RangerRoleList.java PRE-CREATION
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4647b1c9
  security-admin/src/main/webapp/scripts/collection_bases/VXRoleListBase.js PRE-CREATION
  security-admin/src/main/webapp/scripts/collections/VXRoleList.js PRE-CREATION
  security-admin/src/main/webapp/scripts/controllers/Controller.js c4a0b58df
  security-admin/src/main/webapp/scripts/model_bases/VXRoleBase.js PRE-CREATION
  security-admin/src/main/webapp/scripts/models/VXRole.js PRE-CREATION
  security-admin/src/main/webapp/scripts/modules/XALinks.js ab0fe7a23
  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js a9287450c
  security-admin/src/main/webapp/scripts/routers/Router.js f60e03c21
  security-admin/src/main/webapp/scripts/utils/XAUtils.js 18e86c9cc
  security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 0c3824bad
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js 8f23e84d3
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js a1a1311aa
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js 1af54e18a
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js c18cfaa08
  security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 18dba7ace
  security-admin/src/main/webapp/scripts/views/users/RoleCreate.js PRE-CREATION
  security-admin/src/main/webapp/scripts/views/users/RoleForm.js PRE-CREATION
  security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js 45b672caf
  security-admin/src/main/webapp/styles/xa.css 6ae646dfc
  security-admin/src/main/webapp/templates/common/TopNav_tmpl.html 22df5cb8b
  security-admin/src/main/webapp/templates/policies/PermissionItem.html d2b401d05
  security-admin/src/main/webapp/templates/policies/PermissionList.html 9972d4885
  security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html e76ad21e4
  security-admin/src/main/webapp/templates/users/RoleCreate_tmpl.html PRE-CREATION
  security-admin/src/main/webapp/templates/users/RoleForm_tmpl.html PRE-CREATION
  security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html d99b3b453
  security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java ac9af5eb4


Diff: https://reviews.apache.org/r/70629/diff/1/


Testing
-------

- Role CRUD
- Policy Updates to add/remove roles
- Logic to authorize access with roles
- Tracking Service versions with role updates


Thanks,

Abhay Kulkarni