[ https://issues.apache.org/jira/browse/RANGER-704?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14969880#comment-14969880 ]

Madhan Neethiraj commented on RANGER-704:
-----------------------------------------

Enable/disable of a service (repository) is not a new feature introduced with 
this JIRA. This feature was always present in Ranger and when a service (or 
repository) is disabled, the plugins for that service don't receive any policy. 
This was missed in ranger-0.5, hence the JIRA to fix this.

If a new semantics is desired for the disabled status, let's track through a 
different JIRA with all the details of the desired outcome. I propose that the 
current JIRA is used only to fix the issue in ranger-0.5.

> Service enable/disable should refresh the policies in the plugins
> -----------------------------------------------------------------
>
>                 Key: RANGER-704
>                 URL: https://issues.apache.org/jira/browse/RANGER-704
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 0.5.0
>            Reporter: Madhan Neethiraj
>            Assignee: Abhay Kulkarni
>
> When a service is disabled, the plugins should be refreshed with empty policy 
> list - as if no policy exists in the service. In this case, the components 
> like HDFS and YARN will enforce component ACLs (since fallback is set to true 
> by default); other components will deny any access - since no policy 
> exists to allow any access. And when the service is enabled, the plugins 
> should be refreshed with the policies in the service. To achieve this:
>  - the policyVersion associated with the service should be incremented 
> whenever the service is enabled or disabled. So that the next policy refresh 
> call will send updated policy list
>  - the policy refresh implementation should return empty policy list when 
> service is disabled



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
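
The refresh behaviour described in the quoted issue, as an added example that is not part of the original message and is not Ranger's code. The `Service` and `Plugin` classes, the `bump_version` switch and the sample policy are a hypothetical model constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Service:
    """Admin-side record for one service (repository); hypothetical model."""
    name: str
    policies: list
    enabled: bool = True
    policy_version: int = 1

    def set_enabled(self, enabled: bool, bump_version: bool = True) -> None:
        if enabled != self.enabled:
            self.enabled = enabled
            if bump_version:  # first item in the issue description
                self.policy_version += 1

    def download(self, last_known_version: int):
        """Return (version, policies), or None when the caller is up to date."""
        if last_known_version == self.policy_version:
            return None
        # second item: a disabled service serves an empty policy list
        return self.policy_version, (list(self.policies) if self.enabled else [])

@dataclass
class Plugin:
    """Plugin-side policy cache; fallback_to_acl models the HDFS/YARN fallback."""
    fallback_to_acl: bool = False
    version: int = -1
    policies: list = field(default_factory=list)

    def refresh(self, service: Service) -> None:
        update = service.download(self.version)
        if update is not None:
            self.version, self.policies = update

    def decide(self, user: str, resource: str) -> str:
        if (user, resource) in self.policies:
            return "ALLOW"
        return "COMPONENT_ACL" if self.fallback_to_acl else "DENY"

def disable_and_check(bump_version: bool, fallback_to_acl: bool = False) -> str:
    """Disable a service after the plugin cached its policies, then re-check."""
    svc = Service("hivedev", [("alice", "/db/sales")])  # constructed sample data
    plugin = Plugin(fallback_to_acl=fallback_to_acl)
    plugin.refresh(svc)
    svc.set_enabled(False, bump_version=bump_version)
    plugin.refresh(svc)
    return plugin.decide("alice", "/db/sales")
```

With `bump_version=False` the model's plugin never sees a new version, so it keeps enforcing the cached policies of a disabled service.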
