Dineshkumar Yadav created RANGER-5202:
-----------------------------------------
Summary: Tag deny policy is not getting enforced on scan table
command for hbase
Key: RANGER-5202
URL: https://issues.apache.org/jira/browse/RANGER-5202
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: 3.0.0
Reporter: Dineshkumar Yadav
Assignee: Dineshkumar Yadav
Steps
1.kinit with hbase user
2.Create a table and insert data by logging into hbase shell
{code:java}
hbase shell
create 'emp','personal_data','prof_data'
put 'emp', '1', 'personal_data:name', 'Anu'
put 'emp', '1', 'personal_data:SSN', '11111'{code}
3.Create a tag "testtag1" in atlas and assign it to the hbase table
4.Add systest in 'all - table, column-family, column' policy
{code:java}
resource
HBase Table : *
HBase Column-family : *
HBase Column : *
allow policyitem
systest :Read{code}
6.Run the scan command he will be allowed
{code:java}
hbase:002:0> scan 'emp';
ROW COLUMN+CELL
1 column=personal_data:SSN, timestamp=2025-03-17T12:53:33.654, value=11111
1 column=personal_data:name, timestamp=2025-03-17T12:53:25.128, value=Anu
1 row(s)
Took 0.8628 seconds{code}
7.Create a tag deny policy for systest
{code:java}
resource
TAG : testtag1
deny policyitem
systest :hbase:read, hbase:write, hbase:create{code}
8.Run the scan command again
{code:java}
hbase:007:0> scan 'emp';
ROW COLUMN+CELL
0 row(s)
Took 0.0204 seconds{code}
The user should be denied due to tag policy.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
