[ https://issues.apache.org/jira/browse/RANGER-4767?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Abhay Kulkarni updated RANGER-4767: ----------------------------------- Description: If all the policies for a security zone are deleted, then still the previous policies are taking effect. If there are no policies in the repo, then the following error is seen in the logs while syncing the policies, and the previously existing policies are still taking effect and operations are allowed through those policies {code:java|bgColor=#f4f5f7} 2024-04-02T16:09:42.913Z ERROR PolicyRefresher(serviceName=cm_trino)-233 org.apache.ranger.plugin.service.RangerBasePlugin setPolicies: policy engine initialization failed! Leaving current policy engine as-is. Exception : java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" because "this.policies" is null at org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887) at org.apache.ranger.plugin.policyengine.RangerPolicyRepository.<init>(RangerPolicyRepository.java:229) at org.apache.ranger.plugin.policyengine.PolicyEngine.<init>(PolicyEngine.java:264) at org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.<init>(RangerPolicyEngineImpl.java:104) at org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363) at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264) at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210) {code} was: If all the policies in a repo are deleted, then still the previous policies are taking effect. If there are no policies in the repo, then the following error is seen in the logs while syncing the policies, and the previously existing policies are still taking effect and operations are allowed through those policies {code:java|bgColor=#f4f5f7} 2024-04-02T16:09:42.913Z ERROR PolicyRefresher(serviceName=cm_trino)-233 org.apache.ranger.plugin.service.RangerBasePlugin setPolicies: policy engine initialization failed! Leaving current policy engine as-is. Exception : java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" because "this.policies" is null at org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887) at org.apache.ranger.plugin.policyengine.RangerPolicyRepository.<init>(RangerPolicyRepository.java:229) at org.apache.ranger.plugin.policyengine.PolicyEngine.<init>(PolicyEngine.java:264) at org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.<init>(RangerPolicyEngineImpl.java:104) at org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363) at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264) at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210) {code} > Deleted policies are still taking effect if all policies for a security zone > are deleted > ---------------------------------------------------------------------------------------- > > Key: RANGER-4767 > URL: https://issues.apache.org/jira/browse/RANGER-4767 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Abhishek > Assignee: Abhay Kulkarni > Priority: Major > > If all the policies for a security zone are deleted, then still the previous > policies are taking effect. > If there are no policies in the repo, then the following error is seen in the > logs > while syncing the policies, and the previously existing policies are still > taking effect and operations are allowed through those policies > {code:java|bgColor=#f4f5f7} > 2024-04-02T16:09:42.913Z ERROR > PolicyRefresher(serviceName=cm_trino)-233 > org.apache.ranger.plugin.service.RangerBasePlugin setPolicies: policy > engine initialization failed! Leaving current policy engine as-is. Exception > : > java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" > because "this.policies" is null > at > org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887) > at > org.apache.ranger.plugin.policyengine.RangerPolicyRepository.<init>(RangerPolicyRepository.java:229) > at > org.apache.ranger.plugin.policyengine.PolicyEngine.<init>(PolicyEngine.java:264) > at > org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.<init>(RangerPolicyEngineImpl.java:104) > at > org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363) > at > org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264) > at > org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210) > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)