[
https://issues.apache.org/jira/browse/RANGER-4316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vishal Bhavsar reopened RANGER-4316:
------------------------------------
[~madhan]
We were testing the usecase mentioned in the above description but encountered
issue for the path 3.
Below steps were performed during testing:
1) On apache master branch we set up Docker environment having Ranger & Hadoop
container.
2) Accessed ranger-hadoop container as "hdfs" user created directories.
command used to connect container : docker exec -u hdfs -it ranger-hadoop bash
command to create hdfs directories: hdfs dfs -mkdir -p /app/hive/default/test
3) Created hdfs allow policy as below, screenshot attached for policy.
Resource Path: /app/hive/ (Recursive: True)
user: hbase ; Permission: Read, Write, Execute
4) Now accessed ranger-hadoop container as "hbase" user and performed below
touch operation
hdfs dfs -touch /app/hive/file1.txt
Observed this touch operation is failing, as per our understanding this should
had been allowed via policy created at step 3.
Request to kindly review and confirm.
> Path resource matcher handling of resource ending with separator
> ----------------------------------------------------------------
>
> Key: RANGER-4316
> URL: https://issues.apache.org/jira/browse/RANGER-4316
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Priority: Major
> Fix For: 3.0.0, 2.5.0
>
> Attachments: RANGER-4316.patch
>
>
> HDFS policy { path: /app/hive/, isRecursive: true } should match all paths
> given below:
> # {{/app/hive/default}}
> # {{/app/hive/default/test}}
> # {{/app/hive/}}
> However, the policy does not match for path #3 above. This needs to be
> reviewed and fixed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
