[ 
https://issues.apache.org/jira/browse/RANGER-4697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17816962#comment-17816962
 ] 

Anand Nadar commented on RANGER-4697:
-------------------------------------

Raised review request: https://reviews.apache.org/r/74881/

> GDS: The GDS cache is not updated when the name of a security zone is 
> modified which is linked with a datashare
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4697
>                 URL: https://issues.apache.org/jira/browse/RANGER-4697
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>            Reporter: Anand Nadar
>            Assignee: Anand Nadar
>            Priority: Major
>
> Steps to reproduce:
> 1. Create a datashare DSH-1, with zone1 and service1
> 2. Now download the GDS cache for service1. Note down the gds version as well 
> (The response has the security zone name)
> 3. Now modify the zoneName to zone-test.
> 4. Now check the response of GDS cache download api, its gds version would 
> not be incremented and it will also contain the old security zone name.
> 5. Due to this the access enforcement fails.
> When the zone name is modified, then the gds version is not updated. (Because 
> the datashare object contains the zoneID and therefore the zone name change 
> does not affect the object)
> However, the GDS cache contains the security zone name which is used to 
> evaluate access. 
> But this new change of zone name is not taken by the cache because the 
> service specific gds version is not updated. And because of this the access 
> enforcement fails for GDS policies.
> Resolution: 
> To address this issue, upon modification of the zone name, the 
> service-specific GDS versions for all services associated with that 
> particular zone must be updated, if they are associated with a datashare.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
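
A minimal model of the stale-cache behaviour and the resolution described in this issue, added here as an illustration; it is not Ranger code or the patch under review, and every class, field and method name in it is hypothetical. It assumes the download response is rebuilt only when the service's GDS version changes.

```java
import java.util.*;

// Toy model of a version-gated GDS cache. All names are hypothetical;
// this is not Apache Ranger code.
public class GdsZoneRenameDemo {
    record DataShare(String name, long zoneId, String service) {}
    record GdsInfo(long gdsVersion, String zoneName) {}

    final Map<Long, String> zoneNames = new HashMap<>();
    final List<DataShare> dataShares = new ArrayList<>();
    final Map<String, Long> gdsVersions = new HashMap<>(); // per-service GDS version
    final Map<String, GdsInfo> cache = new HashMap<>();    // per-service cached download

    // Cache download: rebuilt only when the service's GDS version has moved.
    GdsInfo download(String service) {
        long current = gdsVersions.getOrDefault(service, 1L);
        GdsInfo cached = cache.get(service);
        if (cached == null || cached.gdsVersion() != current) {
            String zone = dataShares.stream()
                    .filter(d -> d.service().equals(service))
                    .map(d -> zoneNames.get(d.zoneId()))
                    .findFirst().orElse(null);
            cached = new GdsInfo(current, zone);
            cache.put(service, cached);
        }
        return cached;
    }

    // bumpVersions=false reproduces the report; true applies the stated resolution.
    void renameZone(long zoneId, String newName, boolean bumpVersions) {
        zoneNames.put(zoneId, newName);
        if (!bumpVersions) return; // the datashare stores only the zone ID, so nothing else changes
        dataShares.stream()
                .filter(d -> d.zoneId() == zoneId) // only services linked to the zone via a datashare
                .map(DataShare::service).distinct()
                .forEach(s -> gdsVersions.put(s, gdsVersions.getOrDefault(s, 1L) + 1));
    }

    public static void main(String[] args) {
        for (boolean fixed : new boolean[] {false, true}) {
            GdsZoneRenameDemo admin = new GdsZoneRenameDemo();
            admin.zoneNames.put(1L, "zone1"); // constructed sample data from the steps above
            admin.dataShares.add(new DataShare("DSH-1", 1L, "service1"));
            GdsInfo before = admin.download("service1");
            admin.renameZone(1L, "zone-test", fixed);
            GdsInfo after = admin.download("service1");
            System.out.printf("fixed=%b before=%s after=%s%n", fixed, before, after);
        }
    }
}
```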
