[jira] [Updated] (RANGER-3517) Incorrect Policy evaluation on clearing existing policy

Mon, 15 Nov 2021 23:11:34 -0800 


     [ 
https://issues.apache.org/jira/browse/RANGER-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nishchith Shetty updated RANGER-3517:
-------------------------------------
    Description: 
Hello,

 

Once a policy is created and then all the policies are cleared from Ranger 
Admin, the plugin enforces the last policy that was cached instead of clearing 
the policies on the client.

 

*Steps to reproduce*
 * Create a allow policy for userA (ID-1)
 * Delete the policy ({_}now there are 0 policies on ranger server){_}
 * Use the plugin
 ** Expected/Ideal behaviour - deny (as there's no policy)
 ** Current behaviour - allow (enforced policy ID-1)

_Note: For each step let the change get synced to the client via plugin_

 

*Logs (ranger-plugin v2.2.0)*
{code:java}
Downloaded policies do not require policy change !!
Keeping old policy-engine!
Ranger-PolicyVersion:[139], Cached-PolicyVersion:[138]
{code}

  was:
Hello,

 

Once a policy is created and then all the policies are cleared from Ranger 
Admin, the plugin enforces the last policy that was cached instead of clearing 
the policies on the client.

 

*Steps to reproduce*
 * Create a allow policy for userA (ID-1)
 * Delete the policy ({_}now there are 0 policies on ranger server){_}
 * Use the plugin
 ** Expected/Ideal behaviour - deny (as there's no policy)
 ** Current behaviour - allow (enforced policy ID-1)

_Note: For each step let the change get synced to the client via plugin_

 

*Logs (ranger-plugin v2.2.0)*

{{}}
{code:java}
Downloaded policies do not require policy change !!
Keeping old policy-engine!
Ranger-PolicyVersion:[139], Cached-PolicyVersion:[138]
{code}
{{}}


> Incorrect Policy evaluation on clearing existing policy
> -------------------------------------------------------
>
>                 Key: RANGER-3517
>                 URL: https://issues.apache.org/jira/browse/RANGER-3517
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins, Ranger
>    Affects Versions: 2.2.0
>            Reporter: Nishchith Shetty
>            Priority: Critical
>
> Hello,
>  
> Once a policy is created and then all the policies are cleared from Ranger 
> Admin, the plugin enforces the last policy that was cached instead of 
> clearing the policies on the client.
>  
> *Steps to reproduce*
>  * Create a allow policy for userA (ID-1)
>  * Delete the policy ({_}now there are 0 policies on ranger server){_}
>  * Use the plugin
>  ** Expected/Ideal behaviour - deny (as there's no policy)
>  ** Current behaviour - allow (enforced policy ID-1)
> _Note: For each step let the change get synced to the client via plugin_
>  
> *Logs (ranger-plugin v2.2.0)*
> {code:java}
> Downloaded policies do not require policy change !!
> Keeping old policy-engine!
> Ranger-PolicyVersion:[139], Cached-PolicyVersion:[138]
> {code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to