Re: Review Request 75024: RANGER-4805: Disable Atlas service under the policy permission of Tag-based policy

Tue, 18 Jun 2024 01:54:09 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75024/
-----------------------------------------------------------

(Updated June 18, 2024, 8:54 a.m.)


Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, sanket 
shelar, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Corrected a typo.


Bugs: RANGER-4805
    https://issues.apache.org/jira/browse/RANGER-4805


Repository: ranger


Description
-------

Steps to reproduce:

Created a tag policy for a `test` classification 
Added deny permission for user `tuser`
Access entity tagged with `test` classification through `tuser` through Atlas UI


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
 18ee3adc3 
  
agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
 5c06cd602 
  agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 
f9816546a 
  agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 
c98da315d 
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql e1e2274b6 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
ec0a5ba3a 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
bbe5975e8 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
2e0a000a3 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
7a7b3a5c8 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingAtlasSvcDefAndTagPolicies_J10062.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
 7d363c4c7 


Diff: https://reviews.apache.org/r/75024/diff/4/

Changes: https://reviews.apache.org/r/75024/diff/3-4/


Testing
-------

1)Verified that while creating or updating a Tag-based policy, the accessType 
for the Atlas service is not allowed.
2)Confirmed that the accessType for the Atlas service is not included in the 
default Tag-based policy.
3)Tested upgrade scenarios, any existing Tag-based policies have the accessType 
for the Atlas service removed and verified the serviceDef are updated with 
RangerServiceDef.options.


Thanks,

Rakesh Gupta

Reply via email to