Re: Review Request 72577: 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies

Mon, 15 Jun 2020 10:51:39 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72577/
-----------------------------------------------------------

(Updated June 15, 2020, 5:50 p.m.)


Review request for ranger, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Changes
-------

Addressed review comments


Bugs: RANGER-2858
    https://issues.apache.org/jira/browse/RANGER-2858


Repository: ranger


Description
-------

When user has permissions on a few of the databases in security zone policies, 
"show databases" command is expected to list databases on which the user has 
some permission in any security zone(s). However, the command fails 
authorization. Furthermore, command "use <database>" where <database> is name 
of the database where user has some access in any security zone, succeeds.


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
 e6de06fa7 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
 fdec9caab 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 0930e2cf7 
  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
 a6ea48d14 
  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdmin.java 
29c3604d1 
  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 
1b5aa9e2d 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
1bdee86d3 


Diff: https://reviews.apache.org/r/72577/diff/2/

Changes: https://reviews.apache.org/r/72577/diff/1-2/


Testing
-------

Created two security zones containing different databases with one zone having 
Ranger policy to provide access to a table contained in that zone.

Verified that 'show databases' command listed correct database which allowed 
some access to the contained table.


Thanks,

Abhay Kulkarni

Reply via email to