[jira] [Commented] (RANGER-5162) Tag Allowed policy is not being enforced

Fri, 11 Apr 2025 05:38:07 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-5162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17943543#comment-17943543
 ] 

Dineshkumar Yadav commented on RANGER-5162:
-------------------------------------------

Apache master : 
[https://github.com/apache/ranger/commit/c5e04517af707197005e07dff2dff7cdc345a1fc]

ranger-2.7 : 
https://github.com/apache/ranger/commit/a98809e3755fab5bf4da225691b08112528b0071

> Tag Allowed policy is not being enforced
> ----------------------------------------
>
>                 Key: RANGER-5162
>                 URL: https://issues.apache.org/jira/browse/RANGER-5162
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.6.0
>            Reporter: Dineshkumar Yadav
>            Assignee: Dineshkumar Yadav
>            Priority: Critical
>             Fix For: 3.0.0
>
>         Attachments: 0001-Tag-Allowed-policy-is-not-being-enforced.patch
>
>
> Steps to repro the issue using Docker setup
>  # Apply patch to create file based tag. 
>  # Setup Ranger Docker
>  # 
> {code:java}
> use below command to up ranger docker
> docker-compose -f docker-compose.ranger.yml -f 
> docker-compose.ranger-${RANGER_DB_TYPE}.yml -f 
> docker-compose.ranger-usersync.yml -f docker-compose.ranger-tagsync.yml -f 
> docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hive.yml up -d 
> {code}
>  # 
> {code:java}
> restart tagsync docket to get file based tags into ranger
> docker restart ranger-tagsync
> exit
> docker exec -u root -it ranger-usersync bash
> groupadd finance
> useradd -m finuser1 && passwd finuser1
> useradd -m finuser2 && passwd finuser2
> usermod -a -G finance finuser1 && usermod -a -G finance finuser2
> exit{code}
>  # 
> {code:java}
> get inside hive container 
> docker exec -u root -it ranger-hive bash
> groupadd finance
> useradd -m finuser1 && passwd finuser1
> useradd -m finuser2 && passwd finuser2
> usermod -a -G finance finuser1 && usermod -a -G finance finuser2
> exit
> docker exec -u hive -it ranger-hive bashbeeline -u 
> jdbc:hive2://localhost:10000 -n hive(command to connect beeline)
> create database vehicle;
> use vehicle;
> create table cars(car_id int, car_name string, car_color string, car_price 
> int);
> exit
> {code}
>  # create tag policy into Ranger using tag "TAG_1" assign all permission to 
> user finuser1 created in step 4
>  # 
> {code:java}
> Now perform verification
> docker exec -u finuser1 -it ranger-hive bashbeeline -u
> jdbc:hive2://localhost:10000 -n finuser1(command to connect beeline)
> select * from vehicle.cars; {code}
>  # access will get denied where as it's expected to allow by tag policy 
> created in steps 6
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to