Re: Review Request 74697: RANGER:4494:get Dataset summary for logged in user based on dataset-policy.

Thu, 02 Nov 2023 11:08:01 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74697/#review225929
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
Lines 1228 (patched)
<https://reviews.apache.org/r/74697/#comment314334>

    getUnscrubbedDatasets() already returns paginated list. Filtering in the 
following for loop might exclude some datasets, resulting in reduced page size. 
Please review and update.



security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
Lines 1417 (patched)
<https://reviews.apache.org/r/74697/#comment314333>

    Instead of processing policyItems here, consider moving this to validator.
    
    validator.isAccessibleByDatasetPolicy(policy, user);
    
    Above method should also check if the policy is enabled.



security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
Lines 590 (patched)
<https://reviews.apache.org/r/74697/#comment314332>

    to avoid retrieving groups and roles for each policyItem (i.e., each call 
to this method), consider sending these as parameter.


- Madhan Neethiraj


On Oct. 25, 2023, 12:07 p.m., Prashant Satam wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74697/
> -----------------------------------------------------------
> 
> (Updated Oct. 25, 2023, 12:07 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4494
>     https://issues.apache.org/jira/browse/RANGER-4494
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> We need a new API URI--->(/dataset/summary/sharedwithme) to extend the 
> /dataset/summary API added in 
> https://issues.apache.org/jira/browse/RANGER-4446, to get the DatasetSummary 
> for datasets which are shared with the logged in user, based on policy.
> 
> Use of The API 
> 
> This API will return dataset summary objects which are accessible for the 
> logged in user by the dataset policy
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 4249b1121 
>   security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java b1dc9d37d 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
>  f21d445c4 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
>  6c55fd029 
> 
> 
> Diff: https://reviews.apache.org/r/74697/diff/1/
> 
> 
> Testing
> -------
> 
> 1)Create dataset attach dataShare and shared-resource to it 
> 2)create policy for the dataset and add the current logged in user in the 
> dataset-policy (can add user directly/via role/via group)
> 3)use GET-API ----------> (/service/gds/dataset/summary/sharedwithme) you 
> will only get dataset summary objects for whom the current user have access 
> by the dataset-policy
> 
> Request-------------> GET-API /service/gds/dataset/summary/sharedwithme
> Response ----------->
> {
>     "startIndex": 0,
>     "pageSize": 200,
>     "totalCount": 1,
>     "resultSize": 1,
>     "sortType": "datasetId",
>     "sortBy": "asc",
>     "queryTimeMS": 1698235573851,
>     "list": [
>         {
>             "id": 1,
>             "guid": "d82106ea-191e-4f50-a3ac-45ba824bd293",
>             "isEnabled": true,
>             "createdBy": "Admin",
>             "updatedBy": "Admin",
>             "createTime": 1698220723000,
>             "updateTime": 1698232342000,
>             "version": 6,
>             "name": "Test_GDS_Dataset19",
>             "description": "This is GDS description",
>             "permissionForCaller": "AUDIT",
>             "principalsCount": {
>                 "ROLE": 0,
>                 "USER": 0,
>                 "GROUP": 0
>             },
>             "projectsCount": 0,
>             "totalResourceCount": 2,
>             "dataShares": [
>                 {
>                     "id": 1,
>                     "guid": "f635adcb-e77c-4a1d-a894-c8ceb9f8b577",
>                     "isEnabled": true,
>                     "createdBy": "Admin",
>                     "updatedBy": "Admin",
>                     "createTime": 1698220777000,
>                     "updateTime": 1698220777000,
>                     "version": 1,
>                     "dataShareId": 1,
>                     "dataShareName": "RangerDataShare1",
>                     "serviceId": 1,
>                     "serviceName": "Ranger_hive",
>                     "zoneId": 2,
>                     "zoneName": "Ranger_hive",
>                     "resourceCount": 1,
>                     "shareStatus": "NONE"
>                 },
>                 {
>                     "id": 2,
>                     "guid": "055f5f6f-6969-4226-825b-2c7607aeea7b",
>                     "isEnabled": true,
>                     "createdBy": "Admin",
>                     "updatedBy": "Admin",
>                     "createTime": 1698220783000,
>                     "updateTime": 1698220783000,
>                     "version": 1,
>                     "dataShareId": 2,
>                     "dataShareName": "RangerDataShare2",
>                     "serviceId": 1,
>                     "serviceName": "Ranger_hive",
>                     "zoneId": 2,
>                     "zoneName": "Ranger_hive",
>                     "resourceCount": 1,
>                     "shareStatus": "NONE"
>                 }
>             ]
>         }
>     ],
>     "listSize": 1
> }
> 
> 
> Thanks,
> 
> Prashant Satam
> 
>

Reply via email to