Re: Review Request 72577: 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies

Tue, 16 Jun 2020 14:54:17 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72577/#review221016
-----------------------------------------------------------


Ship it!




- Madhan Neethiraj


On June 16, 2020, 8:12 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72577/
> -----------------------------------------------------------
> 
> (Updated June 16, 2020, 8:12 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2858
>     https://issues.apache.org/jira/browse/RANGER-2858
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> When user has permissions on a few of the databases in security zone 
> policies, "show databases" command is expected to list databases on which the 
> user has some permission in any security zone(s). However, the command fails 
> authorization. Furthermore, command "use <database>" where <database> is name 
> of the database where user has some access in any security zone, succeeds.
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
>  e6de06fa7 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
>  fdec9caab 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
>  0930e2cf7 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  a6ea48d14 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdmin.java 
> 29c3604d1 
>   
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 
> 1b5aa9e2d 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 1bdee86d3 
> 
> 
> Diff: https://reviews.apache.org/r/72577/diff/3/
> 
> 
> Testing
> -------
> 
> Created two security zones containing different databases with one zone 
> having Ranger policy to provide access to a table contained in that zone.
> 
> Verified that 'show databases' command listed correct database which allowed 
> some access to the contained table.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Reply via email to