[
https://issues.apache.org/jira/browse/RANGER-5202?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17948826#comment-17948826
]
Dineshkumar Yadav commented on RANGER-5202:
-------------------------------------------
ranger 2.7 RR : https://reviews.apache.org/r/75385/
> Tag deny policy is not getting enforced on scan table command for hbase
> -----------------------------------------------------------------------
>
> Key: RANGER-5202
> URL: https://issues.apache.org/jira/browse/RANGER-5202
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 3.0.0
> Reporter: Dineshkumar Yadav
> Assignee: Dineshkumar Yadav
> Priority: Major
>
> Steps
> 1.kinit with hbase user
> 2.Create a table and insert data by logging into hbase shell
> {code:java}
> hbase shell
> create 'emp','personal_data','prof_data'
> put 'emp', '1', 'personal_data:name', 'Anu'
> put 'emp', '1', 'personal_data:SSN', '11111'{code}
> 3.Create a tag "testtag1" in atlas and assign it to the hbase table
> 4.Add systest in 'all - table, column-family, column' policy
> {code:java}
> resource
> HBase Table : *
> HBase Column-family : *
> HBase Column : *
> allow policyitem
> systest :Read{code}
> 6.Run the scan command he will be allowed
> {code:java}
> hbase:002:0> scan 'emp';
> ROW COLUMN+CELL
> 1 column=personal_data:SSN, timestamp=2025-03-17T12:53:33.654, value=11111
> 1 column=personal_data:name, timestamp=2025-03-17T12:53:25.128, value=Anu
> 1 row(s)
> Took 0.8628 seconds{code}
> 7.Create a tag deny policy for systest
> {code:java}
> resource
> TAG : testtag1
> deny policyitem
> systest :hbase:read, hbase:write, hbase:create{code}
> 8.Run the scan command again
> {code:java}
> hbase:007:0> scan 'emp';
> ROW COLUMN+CELL
> 0 row(s)
> Took 0.0204 seconds{code}
> The user should be denied due to tag policy.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
