Dineshkumar Yadav created RANGER-5202:
-----------------------------------------

             Summary: Tag deny policy is not getting enforced on scan table 
command for hbase
                 Key: RANGER-5202
                 URL: https://issues.apache.org/jira/browse/RANGER-5202
             Project: Ranger
          Issue Type: Bug
          Components: Ranger
    Affects Versions: 3.0.0
            Reporter: Dineshkumar Yadav
            Assignee: Dineshkumar Yadav


Steps
1.kinit with hbase user
2.Create a table and insert data by logging into hbase shell
{code:java}
hbase shell
create 'emp','personal_data','prof_data'
put 'emp', '1', 'personal_data:name', 'Anu'
put 'emp', '1', 'personal_data:SSN', '11111'{code}
3.Create a tag "testtag1" in atlas and assign it to the hbase table

4.Add systest in 'all - table, column-family, column' policy
{code:java}
resource
     HBase Table : *
     HBase Column-family : *
     HBase Column : * 
allow policyitem 
     systest :Read{code}
6.Run the scan command he will be allowed
{code:java}
hbase:002:0> scan 'emp';
ROW  COLUMN+CELL
 1 column=personal_data:SSN, timestamp=2025-03-17T12:53:33.654, value=11111
 1 column=personal_data:name, timestamp=2025-03-17T12:53:25.128, value=Anu
1 row(s)
Took 0.8628 seconds{code}
7.Create a tag deny policy for systest
{code:java}
resource
     TAG : testtag1
deny policyitem 
     systest :hbase:read, hbase:write, hbase:create{code}
8.Run the scan command again
{code:java}
hbase:007:0> scan 'emp';
ROW  COLUMN+CELL
0 row(s)
Took 0.0204 seconds{code}
The user should be denied due to tag policy.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to