[
https://issues.apache.org/jira/browse/RANGER-4966?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17892235#comment-17892235
]
Abhay Kulkarni edited comment on RANGER-4966 at 11/14/24 5:45 PM:
------------------------------------------------------------------
Commit details:
master:
[https://github.com/apache/ranger/commit/d44d5b3df2caa4ebf5c15e243d94cc1f573a1733]
ranger-2.6:
https://github.com/apache/ranger/commit/c91b7391e8877d2471679183567fd5193c284084
was (Author: abhayk):
Commit details:
master:
https://github.com/apache/ranger/commit/d44d5b3df2caa4ebf5c15e243d94cc1f573a1733
> Remove self node from the resourceTrie only if it has no children, no
> evaluators and no wildcard-evaluators
> -----------------------------------------------------------------------------------------------------------
>
> Key: RANGER-4966
> URL: https://issues.apache.org/jira/browse/RANGER-4966
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Abhay Kulkarni
> Assignee: Abhay Kulkarni
> Priority: Major
>
> If the policy-deltas are enabled, then when two policies have a common subset
> of resources and are defined on same user (or subset of users, through groups
> or direct users), if one of these policies is modified (on anything: name,
> resource, user), it is the only one in effect during access evaluation. Until
> a restart of the underlying service.
> The underlying cause is a ResourceTrie node referring to modified
> policy-evaluator is removed even when it contains wildcard-evaluator(s).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
