Re: Review Request 72659: RANGER-2858 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies

Dineshkumar Yadav Thu, 09 Jul 2020 03:44:17 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72659/
-----------------------------------------------------------


(Updated July 9, 2020, 10:43 a.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Mehul 
Parikh, Pradeep Agrawal, Vishal Suvagia, and Velmurugan Periasamy.


Changes
-------

Changes code for showing zone name in access audit even for hadoop-acl Access 
Enforcer


Repository: ranger


Description
-------

Zone name is not present in denied audit logs even though operation was 
performed on the zone resource


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 2a7166a77 


Diff: https://reviews.apache.org/r/72659/diff/2/

Changes: https://reviews.apache.org/r/72659/diff/1-2/


Testing
-------

Testing case
1) create a dir /test_zone_dir/
2) create a zone on this path
3) perform any read/write operation on this path 

in case of denied permission, audit does not have any zone name present.

after patch zonename is showing in ranger audit.


Thanks,

Dineshkumar Yadav

Re: Review Request 72659: RANGER-2858 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies

Reply via email to