-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75206/
-----------------------------------------------------------
Review request for ranger, madhan, Madhan Neethiraj, Mahesh Bandal, Ramesh
Mani, and Sailaja Polavarapu.
Bugs: RANGER-4820
https://issues.apache.org/jira/browse/RANGER-4820
Repository: ranger
Description
-------
This is a follow-up to the earlier patch.
After HDFS release 2.8.0, the EXECUTE permission on a HDFS resource is expected
to succeed unless there is a matching DENY Ranger policy. Please refer to
https://issues.apache.org/jira/browse/RANGER-1707 for more details.
When an HDFS access requests a combination of multiple accesses, with one of
them being EXECUTE access, this behavior needs to be accounted for in a generic
manner. This patch addresses this requirement by supporting the set of such
accesses in the context of the access-request.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
be6cd5584
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
de31737d6
hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
aa59e3ad6
Diff: https://reviews.apache.org/r/75206/diff/1/
Testing
-------
Ran all unit tests successfully.
Verified the specified scenario in a cluster successfully.
Thanks,
Abhay Kulkarni
