----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75377/#review227307 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java Line 666 (original), 666 (patched) <https://reviews.apache.org/r/75377/#comment315556> It seems updates in GdsDBStore, GdsREST and RangerGdsDataShareInDatasetService may be avoided by having all admin audit logic contained within RangerAuditedModelService. security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java Lines 203 (patched) <https://reviews.apache.org/r/75377/#comment315557> Is `isDataShareUpdated` used to skip admin audit log when a data share is created? Such optimization may not be useful and creates unnecessary noise in the code. Please review and revert. security-admin/src/main/java/org/apache/ranger/service/RangerAuditedModelService.java Lines 250 (patched) <https://reviews.apache.org/r/75377/#comment315555> There will be at most one dataset associated with a policy. Consider adding following method: ``` public class XXGdsDatasetPolicyMapDao extends BaseDao<XXGdsDatasetPolicyMap> { ... public Long getDatasetIdForPolicy(long policyId) { Long ret = null; try { ret = getEntityManager().createNamedQuery("XXGdsDatasetPolicyMap.getDatasetIdForPolicy", Long.class) .setParameter("policyId", policyId) } catch (NoResultException ex) { // ignore } return null; } } ``` security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java Lines 310 (patched) <https://reviews.apache.org/r/75377/#comment315554> ``` return dshid != null ? "DataShare: id=" + dshid.getDataShareId() + " in Dataset: id=" + dshid.getDatasetId() : ""; ``` - Madhan Neethiraj On April 1, 2025, 1:21 a.m., Radhika Kundam wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75377/ > ----------------------------------------------------------- > > (Updated April 1, 2025, 1:21 a.m.) > > > Review request for ranger, Madhan Neethiraj and Ramesh Mani. > > > Bugs: RANGER-5170 > https://issues.apache.org/jira/browse/RANGER-5170 > > > Repository: ranger > > > Description > ------- > > Improve Ranger logging to capture all hierarchical events for better > visibility and traceability. > > Currently, Ranger logs only direct changes to an entity, missing related > updates across interconnected entities. For example, when a resource is > created or updated, only a resource log is generated, making it difficult to > track associated changes in dependent entities. > > With this change, Ranger will generate logs for all impacted entities in the > hierarchy. Example: > > If a resource is modified, logs will be created for: > Resource > Datashare (if the resource is part of a datashare) > DataShareInDataset (if the datashare is linked to a dataset) > Dataset > > This transaction will log all the hierarchical logs and it'll include details > of the changed resource to ensure complete visibility. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java > b1431cf71 > security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 84009c3fa > > security-admin/src/main/java/org/apache/ranger/service/RangerAuditedModelService.java > edf514b1f > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java > cfe623eae > > > Diff: https://reviews.apache.org/r/75377/diff/2/ > > > Testing > ------- > > Tested locally.Attached example scenario of logs before and after the change. > > > File Attachments > ---------------- > > Example Logs with updated patch > > https://reviews.apache.org/media/uploaded/files/2025/04/01/d804c504-c65c-40e4-953b-5632c265057f__LogsBeforeAndAfterHierarchicalLogsPatch.png > > > Thanks, > > Radhika Kundam > >
