Dineshkumar Yadav created RANGER-5202: -----------------------------------------
Summary: Tag deny policy is not getting enforced on scan table command for hbase Key: RANGER-5202 URL: https://issues.apache.org/jira/browse/RANGER-5202 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 3.0.0 Reporter: Dineshkumar Yadav Assignee: Dineshkumar Yadav Steps 1.kinit with hbase user 2.Create a table and insert data by logging into hbase shell {code:java} hbase shell create 'emp','personal_data','prof_data' put 'emp', '1', 'personal_data:name', 'Anu' put 'emp', '1', 'personal_data:SSN', '11111'{code} 3.Create a tag "testtag1" in atlas and assign it to the hbase table 4.Add systest in 'all - table, column-family, column' policy {code:java} resource HBase Table : * HBase Column-family : * HBase Column : * allow policyitem systest :Read{code} 6.Run the scan command he will be allowed {code:java} hbase:002:0> scan 'emp'; ROW COLUMN+CELL 1 column=personal_data:SSN, timestamp=2025-03-17T12:53:33.654, value=11111 1 column=personal_data:name, timestamp=2025-03-17T12:53:25.128, value=Anu 1 row(s) Took 0.8628 seconds{code} 7.Create a tag deny policy for systest {code:java} resource TAG : testtag1 deny policyitem systest :hbase:read, hbase:write, hbase:create{code} 8.Run the scan command again {code:java} hbase:007:0> scan 'emp'; ROW COLUMN+CELL 0 row(s) Took 0.0204 seconds{code} The user should be denied due to tag policy. -- This message was sent by Atlassian Jira (v8.20.10#820010)