Re: Review Request 75024: RANGER-4805: Disable Atlas service under the policy permission of Tag-based policy

Thu, 13 Jun 2024 00:18:37 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75024/
-----------------------------------------------------------

(Updated June 13, 2024, 7:17 a.m.)


Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Mehul 
Parikh, Pradeep Agrawal, and sanket shelar.


Bugs: RANGER-4805
    https://issues.apache.org/jira/browse/RANGER-4805


Repository: ranger


Description
-------

Steps to reproduce:

Created a tag policy for a `test` classification 
Added deny permission for user `tuser`
Access entity tagged with `test` classification through `tuser` through Atlas UI


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
 18ee3adc3 
  
agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
 5c06cd602 
  agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 
f9816546a 
  agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 
c98da315d 
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql e1e2274b6 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
ec0a5ba3a 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
bbe5975e8 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
2e0a000a3 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
7a7b3a5c8 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingAtlasSvcDefAndTagPolicies_J10062.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
 7d363c4c7 


Diff: https://reviews.apache.org/r/75024/diff/2/

Changes: https://reviews.apache.org/r/75024/diff/1-2/


Testing (updated)
-------

1)Verified that while creating or updating a Tag-based policy, the accessType 
for the Atlas service is not allowed.
2)Confirmed that the accessType for the Atlas service is not included in the 
default Tag-based policy.
3)Tested upgrade scenarios, any existing Tag-based policies have the accessType 
for the Atlas service removed and verified the serviceDef are updated with 
RangerServiceDef.options.


Thanks,

Rakesh Gupta

Reply via email to