[
https://issues.apache.org/jira/browse/RANGER-5224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17985968#comment-17985968
]
Abhishek Kumar commented on RANGER-5224:
----------------------------------------
Commit to master:
https://github.com/apache/ranger/commit/4d56c7fcf14d3896606f38d303f20b4afa8c339f
Commit to ranger-2.7:
https://github.com/apache/ranger/commit/2185307e3b5236239e80810c096a73433916b4e1
> dedupTags removes the valid tags while deduplicating tags
> ---------------------------------------------------------
>
> Key: RANGER-5224
> URL: https://issues.apache.org/jira/browse/RANGER-5224
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.6.0
> Reporter: Vyom Mani Tiwari
> Assignee: Vyom Mani Tiwari
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {color:#000000}{color:#000000}{color:#000000}When tag de duplication is
> enabled in Apache Ranger, deleting and recreating one resource causes the
> tag-based policy to fail for another resource that retains the same tag in
> Apache Atlas. After recreating the first resource, a user with access via the
> tag-based policy is unexpectedly denied access to the second resource,
> despite the tag still being associated with it.{color}{color}{color}
>
> {color:#000000}{color:#000000}{color:#000000}In the
> {color}{color}{color:#000000}{color:#000000}dedupTags(){color}{color}{color:#000000}{color:#000000}
> method, if a tag’s ID is higher than the retained ID, the tag is removed
> from the
> {color}{color}{color:#000000}{color:#000000}tags{color}{color}{color:#000000}{color:#000000}
> map instead of updating its ID. This can invalidate the tag’s mapping for
> the second resource after the first resource’s deletion, breaking the
> policy.{color}{color}{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
