Review Request 72674: RANGER-2858: 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies - Part III

Abhay Kulkarni Mon, 13 Jul 2020 14:59:36 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72674/
-----------------------------------------------------------


Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, and Velmurugan 
Periasamy.


Bugs: RANGER-2858
    https://issues.apache.org/jira/browse/RANGER-2858


Repository: ranger


Description
-------

Permission is granted  for 'any' access for a non-empty resource if any policy 
in any security zone allows permission. Only the policies in the security zone 
for the accessed resource should be considered for authorization in such 
scenario.


Diffs
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 dbdb78048 


Diff: https://reviews.apache.org/r/72674/diff/1/


Testing
-------

Tested for hive service, by exercising 'use <database>' command using beeline. 
Verified that only the policies in the security zone which contains resource 
<database> are evaluated for access.


Thanks,

Abhay Kulkarni

Review Request 72674: RANGER-2858: 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies - Part III

Reply via email to