----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73212/ -----------------------------------------------------------
(Updated April 16, 2021, 10:24 a.m.) Review request for ranger, Jayendra Parab, Madhan Neethiraj, Ramesh Mani, Sarath Subramanian, and Velmurugan Periasamy. Changes ------- Rebased patch, resolved merged conflicts. Bugs: RANGER-3195 https://issues.apache.org/jira/browse/RANGER-3195 Repository: ranger Description ------- Requirement :- The new requirement is to provide a way to authorize who can Add/Remove/Update Classification for an entity even if the entities on which classification have to be applied do not have classifications already tagged to it. Solution:- This will require changes on Ranger Atlas service defination to introduce a new resource "*classifications*" in entity authz model called classifications at level 40 [4th level], with the new classifications resource ranger authorizer will check the classification exist in policy for that add/update/remove classification request to authorize. Diffs (updated) ----- agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json d8331dbb4 plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 79ef60465 plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java c13633ad2 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9d0cd9db2 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 1904c6847 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 51ef67b8f security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 97ddb5df3 security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql d15015009 security-admin/src/main/java/org/apache/ranger/patch/PatchAtlasForClassificationResource_J10047.java PRE-CREATION Diff: https://reviews.apache.org/r/73212/diff/8/ Changes: https://reviews.apache.org/r/73212/diff/7-8/ Testing ------- Tested Atlas with Ranger authorization with entities for add, update , add-classification, remove-classification, update-classification events. Thanks, Nixon Rodrigues