----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74833/ -----------------------------------------------------------
(Updated Jan. 16, 2024, 6:04 p.m.) Review request for ranger, Dineshkumar Yadav, madhan, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy. Changes ------- Added missing unit test Bugs: RANGER-4655 https://issues.apache.org/jira/browse/RANGER-4655 Repository: ranger Description ------- This bug is shown up when multiple accesses are requested using one access-request and all of the requested accesses need to be granted in order the access-request to be allowed. This appears to be regression introduced by RANGER-3999 Test Case: Policy 1: Granted the "public" group "execute" permission to "/" HDFS policy recursively. Policy 2: Granted only the "read" permission to user for "/hdp" Doing a list on "/hdp" fails with permission denied for access READ_EXECUTE. However, the same works when "execute" permission is granted in Policy 2. Diffs (updated) ----- agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 252482c8e agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 7fe2a2eb3 agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 92a4fe02e agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 2afbfebd4 agents-common/src/test/resources/policyengine/test_policyengine_hdfs_multiple_accesses.json PRE-CREATION Diff: https://reviews.apache.org/r/74833/diff/5/ Changes: https://reviews.apache.org/r/74833/diff/4-5/ Testing ------- Passes all unit tests. Added unit test for checking the patch. Thanks, Abhay Kulkarni