[jira] [Updated] (RANGER-2067) Supply the function of viewing policy history version.

2018-04-11 Thread Qiang Zhang (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Qiang Zhang updated RANGER-2067:

Attachment: RANGER-2067.png

> Supply the function of viewing policy history version.
> 
>
> Key: RANGER-2067
> URL: https://issues.apache.org/jira/browse/RANGER-2067
> Project: Ranger
> Issue Type: Task
> Components: admin
> Affects Versions: master, 1.1.0, 1.0.1
> Reporter: Qiang Zhang
> Assignee: Qiang Zhang
> Priority: Minor
> Labels: patch
> Attachments: 
> 0001-RANGER-2067-Supply-the-function-of-viewing-policy-hi.patch, 
> RANGER-2067.png
>
>
> Supply the function of viewing policy history version.
> We cannot view the policy history version without an access allowed log.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


Review Request 66581: Supply the function of viewing policy history version.

2018-04-11 Thread Qiang Zhang

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66581/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, 
Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, Selvamohan Neethiraj, 
sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.


Bugs: RANGER-2067
https://issues.apache.org/jira/browse/RANGER-2067


Repository: ranger


Description
---

Supply the function of viewing policy history version.
We cannot view the policy history version without an access allowed log.


Diffs
-

  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
 1afd92e3d 


Diff: https://reviews.apache.org/r/66581/diff/1/


Testing
---


Thanks,

Qiang Zhang



[jira] [Updated] (RANGER-2067) Supply the function of viewing policy history version.

2018-04-11 Thread Qiang Zhang (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Qiang Zhang updated RANGER-2067:

Attachment: 0001-RANGER-2067-Supply-the-function-of-viewing-policy-hi.patch

> Supply the function of viewing policy history version.
> 
>
> Key: RANGER-2067
> URL: https://issues.apache.org/jira/browse/RANGER-2067
> Project: Ranger
> Issue Type: Task
> Components: admin
> Affects Versions: master, 1.1.0, 1.0.1
> Reporter: Qiang Zhang
> Assignee: Qiang Zhang
> Priority: Minor
> Labels: patch
> Attachments: 
> 0001-RANGER-2067-Supply-the-function-of-viewing-policy-hi.patch
>
>
> Supply the function of viewing policy history version.
> We cannot view the policy history version without an access allowed log.





[jira] [Created] (RANGER-2067) Supply the function of viewing policy history version.

2018-04-11 Thread Qiang Zhang (JIRA)
Qiang Zhang created RANGER-2067:
---

Summary: Supply the function of viewing policy history version.
Key: RANGER-2067
URL: https://issues.apache.org/jira/browse/RANGER-2067
Project: Ranger
Issue Type: Task
Components: admin
Affects Versions: master, 1.1.0, 1.0.1
Reporter: Qiang Zhang
Assignee: Qiang Zhang


Supply the function of viewing policy history version.
We cannot view the policy history version without an access allowed log.





Re: Review Request 66504: RANGER-2058: Add SSL enabled Postgres support in Ranger Admin

2018-04-11 Thread Velmurugan Periasamy

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66504/#review200951
---


Ship it!




Ship It!

- Velmurugan Periasamy


On April 11, 2018, 12:49 p.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66504/
> ---
> 
> (Updated April 11, 2018, 12:49 p.m.)
> 
> 
> Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan 
> Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2058
> https://issues.apache.org/jira/browse/RANGER-2058
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> **Problem Statement:** Ranger can not communicate to ssl enabled Postgres 
> server
> 
> 
> **Proposed Solution:**
> To connect to a SSL Enabled Postgres Server JDBC connection string could be :
> =>For validating CA: "jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true".
> =>For Non validating CA: 
> "jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true".
> 
> The 'ssl=true' property is added to the JDBC URL to attempt to communicate 
> via SSL. 
> The 'sslfactory=org.postgresql.ssl.NonValidatingFactory' property is set to 
> bypass certificate validation.
> ---
> Following properties of install.properties file can be used to provide the 
> SSL config options, keystore and truststore path to connect to SSL enabled 
> Postgres server:
> 
> db_ssl_enabled=
> db_ssl_required=
> db_ssl_verifyServerCertificate=
> db_ssl_auth_type=
> javax_net_ssl_keyStore=
> javax_net_ssl_keyStorePassword=
> javax_net_ssl_trustStore=
> javax_net_ssl_trustStorePassword=
> ---
> **Rules:**
> 1. if [db_ssl_enabled=true] then ranger admin/kms JDBC URL will attempt to 
> communicate to postgres via SSL.
> 2. if [db_ssl_enabled=true and [db_ssl_required=false and 
> db_ssl_verifyServerCertificate=false]] then JDBC url will have parameter 
> 'sslfactory=org.postgresql.ssl.NonValidatingFactory' in it and CA validation 
> will be skipped.
> 3. if [db_ssl_enabled=true and [db_ssl_required=true or 
> db_ssl_verifyServerCertificate=true]] then CA validation will be mandatory. 
>    3.1) if [db_ssl_auth_type=1-way] then the user has to provide the certificate 
> and password through truststore 
> properties(javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword) 
>    3.2) if [db_ssl_auth_type=2-way] then the user has to provide the keystore 
> and password through keystore 
> properties(javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword) and CA 
> certificate and password through truststore 
> properties(javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword).
> 
> **Note:**
> Ranger application and jisql utility should know from where to pick the 
> certificates which can be set in the System properties like this :
> -Djavax.net.ssl.keyStore=path_to_keystore_file
> -Djavax.net.ssl.keyStorePassword=password
> -Djavax.net.ssl.trustStore=path_to_truststore_file
> -Djavax.net.ssl.trustStorePassword=password
> 
> 
> Diffs
> -
> 
>   kms/scripts/db_setup.py a431b60 
>   kms/scripts/dba_script.py bcd4aa2 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 12585ca 
>   security-admin/scripts/db_setup.py b8664d2 
>   security-admin/scripts/dba_script.py 69fff41 
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 
> edd9d36 
> 
> 
> Diff: https://reviews.apache.org/r/66504/diff/2/
> 
> 
> Testing
> ---
> 
> **Steps Performed(with patch):**
> Installed Postgres and enabled SSL with the help of doc : 
> https://www.postgresql.org/docs/9.5/static/ssl-tcp.html
> 
> Untar ranger-admin from Build having changes of proposed patch.
> Provided ranger db root and admin db details in install.properties.
> Provided values for below properties of install.properties file.
> db_ssl_enabled=true
> db_ssl_required=true
> db_ssl_verifyServerCertificate=true
> db_ssl_auth_type=1-way
> javax_net_ssl_keyStore=/root/keystore
> javax_net_ssl_keyStorePassword=secret
> javax_net_ssl_trustStore=/root/truststore
> javax_net_ssl_trustStorePassword=secret
> 
> Executed setup.sh script.
> 
> Tried to start ranger admin service.
> 
> **Expected behaviour :** Ranger admin should start normally and the user should 
> be able to see Dashboard page after login.
> 
> **Actual behaviour :** Ranger admin was started and was able to login and see 
> Ranger UI.
> 
> **Note :** 
> Tested Ranger admin and Ranger kms on SSL enabled Postgres with one-way and 
> two-way ssl configurations.
> Tried below combination of SSL properties also with different ranger db 
> combination to install ranger admin and ranger kms.
> 
> db_ssl_enabled|db_ssl_required|db_ssl_verifyServerCertificate|db_ssl_auth_type|javax_net_ssl_keyStore
>  

Re: Review Request 66563: Entity is readable even if there is no entity-read-classification permission.

2018-04-11 Thread Qiang Zhang

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66563/#review200949
---


Ship it!




Ship It!

- Qiang Zhang


On April 11, 2018, 7:23 p.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66563/
> ---
> 
> (Updated April 11, 2018, 7:23 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, and Pradeep 
> Agrawal.
> 
> 
> Bugs: RANGER-2065
> https://issues.apache.org/jira/browse/RANGER-2065
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This patch includes changes to verify entity-read-classification permission 
> is available for entity resource to given user/ group when entity is 
> associated with classifications.
> 
> 
> Diffs
> -
> 
>   
> plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
>  465b06fb6 
> 
> 
> Diff: https://reviews.apache.org/r/66563/diff/1/
> 
> 
> Testing
> ---
> 
> Tested user with and without entity-read-classification permission to access 
> entities with and without classification
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>



Re: Review Request 66504: RANGER-2058: Add SSL enabled Postgres support in Ranger Admin

2018-04-11 Thread Qiang Zhang

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66504/#review200948
---


Ship it!




Ship It!

- Qiang Zhang


On April 11, 2018, 12:49 p.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66504/
> ---
> 
> (Updated April 11, 2018, 12:49 p.m.)
> 
> 
> Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan 
> Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2058
> https://issues.apache.org/jira/browse/RANGER-2058
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> **Problem Statement:** Ranger can not communicate to ssl enabled Postgres 
> server
> 
> 
> **Proposed Solution:**
> To connect to a SSL Enabled Postgres Server JDBC connection string could be :
> =>For validating CA: "jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true".
> =>For Non validating CA: 
> "jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true".
> 
> The 'ssl=true' property is added to the JDBC URL to attempt to communicate 
> via SSL. 
> The 'sslfactory=org.postgresql.ssl.NonValidatingFactory' property is set to 
> bypass certificate validation.
> ---
> Following properties of install.properties file can be used to provide the 
> SSL config options, keystore and truststore path to connect to SSL enabled 
> Postgres server:
> 
> db_ssl_enabled=
> db_ssl_required=
> db_ssl_verifyServerCertificate=
> db_ssl_auth_type=
> javax_net_ssl_keyStore=
> javax_net_ssl_keyStorePassword=
> javax_net_ssl_trustStore=
> javax_net_ssl_trustStorePassword=
> ---
> **Rules:**
> 1. if [db_ssl_enabled=true] then ranger admin/kms JDBC URL will attempt to 
> communicate to postgres via SSL.
> 2. if [db_ssl_enabled=true and [db_ssl_required=false and 
> db_ssl_verifyServerCertificate=false]] then JDBC url will have parameter 
> 'sslfactory=org.postgresql.ssl.NonValidatingFactory' in it and CA validation 
> will be skipped.
> 3. if [db_ssl_enabled=true and [db_ssl_required=true or 
> db_ssl_verifyServerCertificate=true]] then CA validation will be mandatory. 
>    3.1) if [db_ssl_auth_type=1-way] then the user has to provide the certificate 
> and password through truststore 
> properties(javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword) 
>    3.2) if [db_ssl_auth_type=2-way] then the user has to provide the keystore 
> and password through keystore 
> properties(javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword) and CA 
> certificate and password through truststore 
> properties(javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword).
> 
> **Note:**
> Ranger application and jisql utility should know from where to pick the 
> certificates which can be set in the System properties like this :
> -Djavax.net.ssl.keyStore=path_to_keystore_file
> -Djavax.net.ssl.keyStorePassword=password
> -Djavax.net.ssl.trustStore=path_to_truststore_file
> -Djavax.net.ssl.trustStorePassword=password
> 
> 
> Diffs
> -
> 
>   kms/scripts/db_setup.py a431b60 
>   kms/scripts/dba_script.py bcd4aa2 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 12585ca 
>   security-admin/scripts/db_setup.py b8664d2 
>   security-admin/scripts/dba_script.py 69fff41 
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 
> edd9d36 
> 
> 
> Diff: https://reviews.apache.org/r/66504/diff/2/
> 
> 
> Testing
> ---
> 
> **Steps Performed(with patch):**
> Installed Postgres and enabled SSL with the help of doc : 
> https://www.postgresql.org/docs/9.5/static/ssl-tcp.html
> 
> Untar ranger-admin from Build having changes of proposed patch.
> Provided ranger db root and admin db details in install.properties.
> Provided values for below properties of install.properties file.
> db_ssl_enabled=true
> db_ssl_required=true
> db_ssl_verifyServerCertificate=true
> db_ssl_auth_type=1-way
> javax_net_ssl_keyStore=/root/keystore
> javax_net_ssl_keyStorePassword=secret
> javax_net_ssl_trustStore=/root/truststore
> javax_net_ssl_trustStorePassword=secret
> 
> Executed setup.sh script.
> 
> Tried to start ranger admin service.
> 
> **Expected behaviour :** Ranger admin should start normally and the user should 
> be able to see Dashboard page after login.
> 
> **Actual behaviour :** Ranger admin was started and was able to login and see 
> Ranger UI.
> 
> **Note :** 
> Tested Ranger admin and Ranger kms on SSL enabled Postgres with one-way and 
> two-way ssl configurations.
> Tried below combination of SSL properties also with different ranger db 
> combination to install ranger admin and ranger kms.
> 
> db_ssl_enabled|db_ssl_required|db_ssl_verifyServerCertificate|db_ssl_auth_type|javax_net_ssl_keyStore
>  javax_net_ssl_trustStore
> 
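
The rules in the review request description quoted above, modelled as an added example (this is not code from the RANGER-2058 patch or from Ranger's `db_setup.py`). The helper names `build_pg_ssl_config` and `weak_ssl_settings`, the error handling for missing values, and the port in the sample call are assumptions; the property names, the `sslfactory` value and the sample store paths come from the description.

```python
"""Model of the db_ssl_* rules in the RANGER-2058 review description.

Added illustration: build_pg_ssl_config() and weak_ssl_settings() are
hypothetical helpers, not functions from Ranger's db_setup.py.
"""

NON_VALIDATING = "org.postgresql.ssl.NonValidatingFactory"
TRUST_KEYS = ("javax_net_ssl_trustStore", "javax_net_ssl_trustStorePassword")
KEY_KEYS = ("javax_net_ssl_keyStore", "javax_net_ssl_keyStorePassword")


def _flag(props, key):
    # install.properties values are strings; only "true" enables a flag.
    return props.get(key, "").strip().lower() == "true"


def _must_validate(props):
    return (_flag(props, "db_ssl_required")
            or _flag(props, "db_ssl_verifyServerCertificate"))


def _store_args(props, keys):
    """Turn a (path, password) property pair into -Djavax.net.ssl.* args."""
    missing = [k for k in keys if not props.get(k, "").strip()]
    if missing:
        # Assumption: fail closed instead of connecting with an empty store.
        raise ValueError("missing required properties: " + ", ".join(missing))
    # javax_net_ssl_trustStore -> -Djavax.net.ssl.trustStore=<value>
    return ["-D%s=%s" % (k.replace("_", "."), props[k].strip()) for k in keys]


def build_pg_ssl_config(props, host, port, db):
    """Return (jdbc_url, jvm_args, server_cert_validated)."""
    url = "jdbc:postgresql://%s:%s/%s" % (host, port, db)
    if not _flag(props, "db_ssl_enabled"):
        return url, [], False
    url += "?ssl=true"  # rule 1: attempt SSL

    if not _must_validate(props):
        # Rule 2: traffic is encrypted but the server is not authenticated,
        # so an impersonated database server would be accepted.
        return url + "&sslfactory=" + NON_VALIDATING, [], False

    # Rule 3: CA validation is mandatory; the auth type picks the stores.
    auth = props.get("db_ssl_auth_type", "").strip()
    if auth not in ("1-way", "2-way"):
        raise ValueError("db_ssl_auth_type must be '1-way' or '2-way'")
    jvm_args = _store_args(props, TRUST_KEYS)      # rule 3.1: truststore
    if auth == "2-way":
        jvm_args += _store_args(props, KEY_KEYS)   # rule 3.2: plus keystore
    return url, jvm_args, True


def weak_ssl_settings(props):
    """List the reasons a property set leaves the database link exposed."""
    findings = []
    if not _flag(props, "db_ssl_enabled"):
        findings.append("db_ssl_enabled is not true: connection is plaintext")
    elif not _must_validate(props):
        findings.append("db_ssl_required and db_ssl_verifyServerCertificate "
                        "are both false: certificate validation is skipped")
    return findings


if __name__ == "__main__":
    # Values from the "Testing" section of the description; port is assumed.
    tested = {
        "db_ssl_enabled": "true",
        "db_ssl_required": "true",
        "db_ssl_verifyServerCertificate": "true",
        "db_ssl_auth_type": "1-way",
        "javax_net_ssl_trustStore": "/root/truststore",
        "javax_net_ssl_trustStorePassword": "secret",
    }
    # Constructed weak variant: SSL on, both validation flags off.
    weak = dict(tested, db_ssl_required="false",
                db_ssl_verifyServerCertificate="false")
    for name, props in (("tested", tested), ("weak", weak)):
        url, jvm_args, validated = build_pg_ssl_config(
            props, "127.0.0.1", 5432, "ranger")
        print(name, url, jvm_args, validated, weak_ssl_settings(props))
```

Store passwords passed as `-D` arguments are visible in the process listing of the host running Ranger, which is worth accounting for when choosing how the JVM options are supplied.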

[jira] [Assigned] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family

2018-04-11 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni reassigned RANGER-2066:
--

Assignee: Abhay Kulkarni

> Hbase column family access is authorized by a tagged column in the column 
> family
> 
>
> Key: RANGER-2066
> URL: https://issues.apache.org/jira/browse/RANGER-2066
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.0.0, master
> Reporter: Anuja Leekha
> Assignee: Abhay Kulkarni
> Priority: Major
> Fix For: master, 1.1.0
>
>
> SCENARIO:
> Table emp has 2 column families: personal_data(name,SSN,age) ; 
> prof_data(role, manager)
>  Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
>  Resource policy allows Read on all tables, all column-families and all 
> columns and a tag policy allows Read on OFFICIAL tag to test_user.
> When test_user executes "scan 'emp' " command, two audit log records are 
> created:
>  1. Resource: emp/personal_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: Resource based policy
> 2. Resource: emp/prof_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: TAG based policy for OFFICIAL tag
> prof_data column-family should be authorized by resource policy. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
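
A check for the symptom reported in RANGER-2066, as an added example (not Ranger code): it parses the audit summary in the form the issue shows it and flags any access attributed to a tag-based policy when the audited resource does not carry that tag itself and only a child resource does. The function names, the `Denied` result value and the tag map layout are assumptions made for the illustration; the audit text and the tag assignment are taken from the scenario above.

```python
import re

# Audit summary as written in the issue description (scan of table emp).
ISSUE_AUDIT_TEXT = """\
1. Resource: emp/personal_data
 Name / Type: column-family
 Allowed
 Policy allowing: Resource based policy
2. Resource: emp/prof_data
 Name / Type: column-family
 Allowed
 Policy allowing: TAG based policy for OFFICIAL tag
"""

# Tag assignment from the scenario: only the role column carries OFFICIAL.
ISSUE_TAGS = {"emp/prof_data/role": {"OFFICIAL"}}

_RECORD_START = re.compile(r"^\s*\d+\.\s*Resource:\s*(\S+)\s*$")
_TYPE = re.compile(r"^\s*Name / Type:\s*(\S+)\s*$")
_POLICY = re.compile(r"^\s*Policy allowing:\s*(.+?)\s*$")
_TAG_POLICY = re.compile(r"^TAG based policy for (\S+) tag$", re.IGNORECASE)


def parse_audit_summary(text):
    """Parse the numbered audit summary into a list of record dicts."""
    records, cur = [], None
    for line in text.splitlines():
        m = _RECORD_START.match(line)
        if m:
            cur = {"resource": m.group(1), "type": None,
                   "result": None, "policy": None, "tag": None}
            records.append(cur)
            continue
        if cur is None:
            continue  # text before the first numbered record
        m = _TYPE.match(line)
        if m:
            cur["type"] = m.group(1)
            continue
        if line.strip() in ("Allowed", "Denied"):  # "Denied" is assumed
            cur["result"] = line.strip()
            continue
        m = _POLICY.match(line)
        if m:
            cur["policy"] = m.group(1)
            t = _TAG_POLICY.match(cur["policy"])
            cur["tag"] = t.group(1) if t else None
    return records


def misattributed_tag_audits(records, tags):
    """Return (resource, tag, tagged_children) for suspicious records.

    A record is suspicious when a tag policy allowed access to a resource
    that is not tagged itself while one of its child resources is.
    """
    findings = []
    for rec in records:
        tag = rec["tag"]
        if rec["result"] != "Allowed" or tag is None:
            continue
        res = rec["resource"]
        if tag in tags.get(res, set()):
            continue  # the resource itself is tagged: attribution is fine
        # Match on "res/" so emp/prof_data does not match emp/prof_data_old.
        children = sorted(r for r, t in tags.items()
                          if r.startswith(res + "/") and tag in t)
        if children:
            findings.append((res, tag, children))
    return findings


if __name__ == "__main__":
    for finding in misattributed_tag_audits(
            parse_audit_summary(ISSUE_AUDIT_TEXT), ISSUE_TAGS):
        print("tag policy credited for untagged resource:", finding)
```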


[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family

2018-04-11 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-2066:
---
Description: 
SCENARIO:

Table emp has 2 column families: personal_data(name,SSN,age) ; prof_data(role, 
manager)
 Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
 Resource policy allows Read on all tables, all column-families and all columns 
and a tag policy allows Read on OFFICIAL tag to test_user.

When test_user executes "scan 'emp' " command, two audit log records are 
created:
 1. Resource: emp/personal_data
 Name / Type: column-family
 Allowed
 Policy allowing: Resource based policy

2. Resource: emp/prof_data
 Name / Type: column-family
 Allowed
 Policy allowing: TAG based policy for OFFICIAL tag

prof_data column-family should be authorized by resource policy. 

  was:
ERROR SCENARIO:

Table emp has 2 column families: personal_data(name,SSN,age) ; prof_data(role, 
manager)
 Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
 Resource policy allows Read on table=*, ** column-family=*,column=*  and Tag 
policy allows Read on OFFICIAL tag for a test_user.

When test_user executes 'scan emp' command, two audit log records are created:
 1. Resource: emp/personal_data
 Name / Type: column-family
 Allowed
 Policy allowing: Resource based policy

2. Resource: emp/prof_data
 Name / Type: column-family
 Allowed
 Policy allowing: TAG based policy for OFFICIAL tag

prof_data column-family should not be authorized by a tagged role column in it. 


> Hbase column family access is authorized by a tagged column in the column 
> family
> 
>
> Key: RANGER-2066
> URL: https://issues.apache.org/jira/browse/RANGER-2066
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.0.0, master
> Reporter: Anuja Leekha
> Priority: Major
> Fix For: master, 1.1.0
>
>
> SCENARIO:
> Table emp has 2 column families: personal_data(name,SSN,age) ; 
> prof_data(role, manager)
>  Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
>  Resource policy allows Read on all tables, all column-families and all 
> columns and a tag policy allows Read on OFFICIAL tag to test_user.
> When test_user executes "scan 'emp' " command, two audit log records are 
> created:
>  1. Resource: emp/personal_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: Resource based policy
> 2. Resource: emp/prof_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: TAG based policy for OFFICIAL tag
> prof_data column-family should be authorized by resource policy. 





[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family

2018-04-11 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-2066:
---
Description: 
ERROR SCENARIO:

Table emp has 2 column families: personal_data(name,SSN,age) ; prof_data(role, 
manager)
 Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
 Resource policy allows Read on table=*, ** column-family=*,column=*  and Tag 
policy allows Read on OFFICIAL tag for a test_user.

When test_user executes 'scan emp' command, two audit log records are created:
 1. Resource: emp/personal_data
 Name / Type: column-family
 Allowed
 Policy allowing: Resource based policy

2. Resource: emp/prof_data
 Name / Type: column-family
 Allowed
 Policy allowing: TAG based policy for OFFICIAL tag

prof_data column-family should not be authorized by a tagged role column in it. 

  was:
ERROR SCENARIO:

Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
manager)
 Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
 Resource policy allows Read on table=*, column-family=*,column=*  and Tag 
policy allows Read on OFFICIAL tag for a test_user.

When test_user executes 'scan emp' command, two audit log records are created:
 1. Resource: emp/personal_data
 Name / Type: column-family
 Allowed
 Policy allowing: Resource based policy

2. Resource: emp/prof_data
 Name / Type: column-family
 Allowed
 Policy allowing: TAG based policy for OFFICIAL tag

prof_data column-family should not be authorized by a tagged role column in it. 


> Hbase column family access is authorized by a tagged column in the column 
> family
> 
>
> Key: RANGER-2066
> URL: https://issues.apache.org/jira/browse/RANGER-2066
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.0.0, master
> Reporter: Anuja Leekha
> Priority: Major
> Fix For: master, 1.1.0
>
>
> ERROR SCENARIO:
> Table emp has 2 column families: personal_data(name,SSN,age) ; 
> prof_data(role, manager)
>  Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
>  Resource policy allows Read on table=*, ** column-family=*,column=*  and Tag 
> policy allows Read on OFFICIAL tag for a test_user.
> When test_user executes 'scan emp' command, two audit log records are created:
>  1. Resource: emp/personal_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: Resource based policy
> 2. Resource: emp/prof_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: TAG based policy for OFFICIAL tag
> prof_data column-family should not be authorized by a tagged role column in 
> it. 





[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family

2018-04-11 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-2066:
---
Description: 
ERROR SCENARIO:

Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
manager)
 Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
 Resource policy allows Read on table=*, column-family=*,column=*  and Tag 
policy allows Read on OFFICIAL tag for a test_user.

When test_user executes 'scan emp' command, two audit log records are created:
 1. Resource: emp/personal_data
 Name / Type: column-family
 Allowed
 Policy allowing: Resource based policy

2. Resource: emp/prof_data
 Name / Type: column-family
 Allowed
 Policy allowing: TAG based policy for OFFICIAL tag

prof_data column-family should not be authorized by a tagged role column in it. 

  was:
ERROR SCENARIO:

Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
manager)
 Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
 Resource policy allows Read on table=*, column-family=*,column=*  and policy 
for tag OFFICIAL allows Read on OFFICIAL tag for a test_user.

When test_user executes 'scan emp' command, two audit log records are created:
 1. Resource: emp/personal_data
 Name / Type: column-family
 Allowed
 Policy allowing: Access based policy [Tag column shows PII]

2. Resource: emp/prof_data
 Name / Type: column-family
 Allowed
 Policy allowing: TAG based policy for OFFICIAL tag

prof_data column-family should not be authorized by a tagged role column in it. 


> Hbase column family access is authorized by a tagged column in the column 
> family
> 
>
> Key: RANGER-2066
> URL: https://issues.apache.org/jira/browse/RANGER-2066
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.0.0, master
> Reporter: Anuja Leekha
> Priority: Major
> Fix For: master, 1.1.0
>
>
> ERROR SCENARIO:
> Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
> manager)
>  Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
>  Resource policy allows Read on table=*, column-family=*,column=*  and Tag 
> policy allows Read on OFFICIAL tag for a test_user.
> When test_user executes 'scan emp' command, two audit log records are created:
>  1. Resource: emp/personal_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: Resource based policy
> 2. Resource: emp/prof_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: TAG based policy for OFFICIAL tag
> prof_data column-family should not be authorized by a tagged role column in 
> it. 





[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column in the column family

2018-04-11 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-2066:
---
Summary: Hbase column family access is authorized by a tagged column in the 
column family  (was: Hbase column family access is authorized by a tagged 
column)

> Hbase column family access is authorized by a tagged column in the column 
> family
> 
>
> Key: RANGER-2066
> URL: https://issues.apache.org/jira/browse/RANGER-2066
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.0.0, master
> Reporter: Anuja Leekha
> Priority: Major
> Fix For: master, 1.1.0
>
>
> ERROR SCENARIO:
> Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
> manager)
>  Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
>  Resource policy allows Read on table=*, column-family=*,column=*  and policy 
> for tag OFFICIAL allows Read on OFFICIAL tag for a test_user.
> When test_user executes 'scan emp' command, two audit log records are created:
>  1. Resource: emp/personal_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: Access based policy [Tag column shows PII]
> 2. Resource: emp/prof_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: TAG based policy for OFFICIAL tag
> prof_data column-family should not be authorized by a tagged role column in 
> it. 





[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column

2018-04-11 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-2066:
---
Description: 
ERROR SCENARIO:

Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
manager)
 Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
 Resource policy allows Read on table=*, column-family=*,column=*  and policy 
for tag OFFICIAL allows Read on OFFICIAL tag for a test_user.

When test_user executes 'scan emp' command, two audit log records are created:
 1. Resource: emp/personal_data
 Name / Type: column-family
 Allowed
 Policy allowing: Access based policy [Tag column shows PII]

2. Resource: emp/prof_data
 Name / Type: column-family
 Allowed
 Policy allowing: TAG based policy for OFFICIAL tag

prof_data column-family should not be authorized by a tagged role column in it. 

  was:
ERROR SCENARIO:

Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
manager)
 Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
 Rsrc policy allows Read on table=*, column-family=*,column=* 
 Tag policy allows Read on OFFICIAL tag (emp/prof_data/role).

'scan emp' audit shows 2 rows:
 1. Resource: emp/personal_data
 Name / Type: column-family
 Allowed
 Policy allowing: Access based policy [Tag column shows PII]

2. Resource: emp/prof_data
 Name / Type: column-family
 Allowed
 Policy allowing: TAG based policy for OFFICIAL tag -> How can 
column level tag based policy authorize whole of column family?

prof_data column-family should not be authorized by a tagged role column in it. 


> Hbase column family access is authorized by a tagged column
> ---
>
> Key: RANGER-2066
> URL: https://issues.apache.org/jira/browse/RANGER-2066
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.0.0, master
> Reporter: Anuja Leekha
> Priority: Major
> Fix For: master, 1.1.0
>
>
> ERROR SCENARIO:
> Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
> manager)
>  Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
>  Resource policy allows Read on table=*, column-family=*,column=*  and policy 
> for tag OFFICIAL allows Read on OFFICIAL tag for a test_user.
> When test_user executes 'scan emp' command, two audit log records are created:
>  1. Resource: emp/personal_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: Access based policy [Tag column shows PII]
> 2. Resource: emp/prof_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: TAG based policy for OFFICIAL tag
> prof_data column-family should not be authorized by a tagged role column in 
> it. 





[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column

2018-04-11 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-2066:
---
Description: 
ERROR SCENARIO:

Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
manager)
 Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
 Rsrc policy allows Read on table=*, column-family=*,column=* 
 Tag policy allows Read on OFFICIAL tag (emp/prof_data/role).

'scan emp' audit shows 2 rows:
 1. Resource: emp/personal_data
 Name / Type: column-family
 Allowed
 Policy allowing: Access based policy [Tag column shows PII]

2. Resource: emp/prof_data
 Name / Type: column-family
 Allowed
 Policy allowing: TAG based policy for OFFICIAL tag -> How can 
column level tag based policy authorize whole of column family?

prof_data column-family should not be authorized by a tagged role column in it. 

  was:
ERROR SCENARIO:

Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
manager)
Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
Rsrc policy allows R on *,*,* 
Tag policy allows R on OFFICIAL tag (emp/prof_data/role).

'scan emp' audit shows 2 rows:
1. Resource: emp/personal_data
Name / Type: column-family
Allowed
Policy allowing: Access based policy [Tag column shows PII]

2. Resource: emp/prof_data
Name / Type: column-family
Allowed
Policy allowing: TAG based policy -> How can column level tag 
based policy authorize whole of column family?
TAG: OFFICIAL

This gives the impression that whole of personal_data column-family is tagged 
with the OFFICIAL tag.

Solution: Audit should be generated column wise so that each column can show 
the correct policy id authorizing it.

 


> Hbase column family access is authorized by a tagged column
> ---
>
> Key: RANGER-2066
> URL: https://issues.apache.org/jira/browse/RANGER-2066
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.0.0, master
> Reporter: Anuja Leekha
> Priority: Major
> Fix For: master, 1.1.0
>
>
> ERROR SCENARIO:
> Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
> manager)
>  Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
>  Rsrc policy allows Read on table=*, column-family=*,column=* 
>  Tag policy allows Read on OFFICIAL tag (emp/prof_data/role).
> 'scan emp' audit shows 2 rows:
>  1. Resource: emp/personal_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: Access based policy [Tag column shows PII]
> 2. Resource: emp/prof_data
>  Name / Type: column-family
>  Allowed
>  Policy allowing: TAG based policy for OFFICIAL tag -> How can 
> column level tag based policy authorize whole of column family?
> prof_data column-family should not be authorized by a tagged role column in 
> it. 





[jira] [Updated] (RANGER-2066) Hbase column family access is authorized by a tagged column

2018-04-11 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-2066:
---
Summary: Hbase column family access is authorized by a tagged column  (was: 
Error in logging audit for Hbase Tag flow)

> Hbase column family access is authorized by a tagged column
> ---
>
> Key: RANGER-2066
> URL: https://issues.apache.org/jira/browse/RANGER-2066
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master
>Reporter: Anuja Leekha
>Priority: Major
> Fix For: master, 1.1.0
>
>
> ERROR SCENARIO:
> Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
> manager)
> Column emp/prof_data/role is tagged with OFFICIAL tag.
> Create following policies:
> Rsrc policy allows R on *,*,* 
> Tag policy allows R on OFFICIAL tag (emp/prof_data/role).
> 'scan emp' audit shows 2 rows:
> 1. Resource: emp/personal_data
> Name / Type: column-family
> Allowed
> Policy allowing: Access based policy [Tag column shows PII]
> 2. Resource: emp/prof_data
> Name / Type: column-family
> Allowed
> Policy allowing: TAG based policy -> How can column level tag 
> based policy authorize whole of column family?
> TAG: OFFICIAL
> This gives the impression that whole of personal_data column-family is tagged 
> with the OFFICIAL tag.
> Solution: Audit should be generated column wise so that each column can show 
> the correct policy id authorizing it.
>  





[jira] [Created] (RANGER-2066) Error in logging audit for Hbase Tag flow

2018-04-11 Thread Anuja Leekha (JIRA)
Anuja Leekha created RANGER-2066:


 Summary: Error in logging audit for Hbase Tag flow
 Key: RANGER-2066
 URL: https://issues.apache.org/jira/browse/RANGER-2066
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 1.0.0, master
Reporter: Anuja Leekha
 Fix For: master, 1.1.0


ERROR SCENARIO:

Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, 
manager)
Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
Rsrc policy allows R on *,*,* 
Tag policy allows R on OFFICIAL tag (emp/prof_data/role).

'scan emp' audit shows 2 rows:
1. Resource: emp/personal_data
Name / Type: column-family
Allowed
Policy allowing: Access based policy [Tag column shows PII]

2. Resource: emp/prof_data
Name / Type: column-family
Allowed
Policy allowing: TAG based policy -> How can column level tag 
based policy authorize whole of column family?
TAG: OFFICIAL

This gives the impression that whole of personal_data column-family is tagged 
with the OFFICIAL tag.

Solution: Audit should be generated column wise so that each column can show 
the correct policy id authorizing it.

 





[jira] [Updated] (RANGER-2065) Entity is readable even if there is no entity-read-classification permission.

2018-04-11 Thread Nixon Rodrigues (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nixon Rodrigues updated RANGER-2065:

Attachment: RANGER-2065.patch

> Entity is readable even if there is no entity-read-classification permission.
> -
>
> Key: RANGER-2065
> URL: https://issues.apache.org/jira/browse/RANGER-2065
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Nixon Rodrigues
>Assignee: Nixon Rodrigues
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2065.patch
>
>
> Scenario:
> 1) create entity and tag, 
> 2) associate that entity to tag.
> 3) user1 does not have read classification but read entity.
> Make a REST call to read classification details in the entity; it fails as 
> expected:
> {code:java}
> {
> "errorCode": "ATLAS-403-00-001",
> "errorMessage": "admin is not authorized to perform get classifications: guid=d11fd3de-d99d-4e3f-b489-4c0f97651f7d"
> }
> {code}
> But when we log in to the UI and open the entity, we are able to see the 
> classification details despite having no read classification permission, 
> which is the same information as what was denied in the REST call.





Review Request 66563: Entity is readable even if there is no entity-read-classification permission.

2018-04-11 Thread Nixon Rodrigues

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66563/
---

Review request for ranger, Madhan Neethiraj, Mehul Parikh, and Pradeep Agrawal.


Bugs: RANGER-2065
https://issues.apache.org/jira/browse/RANGER-2065


Repository: ranger


Description
---

This patch includes changes to verify entity-read-classification permission is 
available for entity resource to given user/ group when entity is associated 
with classifications.


Diffs
-

  
plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
 465b06fb6 


Diff: https://reviews.apache.org/r/66563/diff/1/


Testing
---

Tested user with and without entity-read-classification permission to access 
entities with and without classification


Thanks,

Nixon Rodrigues



[jira] [Created] (RANGER-2065) Entity is readable even if there is no entity-read-classification permission.

2018-04-11 Thread Nixon Rodrigues (JIRA)
Nixon Rodrigues created RANGER-2065:
---

 Summary: Entity is readable even if there is no 
entity-read-classification permission.
 Key: RANGER-2065
 URL: https://issues.apache.org/jira/browse/RANGER-2065
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Reporter: Nixon Rodrigues
Assignee: Nixon Rodrigues
 Fix For: 1.1.0


Scenario:
1) create entity and tag, 
2) associate that entity to tag.
3) user1 does not have read classification but read entity.

Make a REST call to read classification details in the entity; it fails as 
expected:
{code:java}
{
"errorCode": "ATLAS-403-00-001",
"errorMessage": "admin is not authorized to perform get classifications: guid=d11fd3de-d99d-4e3f-b489-4c0f97651f7d"
}
{code}
But when we log in to the UI and open the entity, we are able to see the 
classification details despite having no read classification permission, 
which is the same information as what was denied in the REST call.





[jira] [Updated] (RANGER-2064) Ranger Usersync should use cookie based authentication for subsequent requests to Ranger admin

2018-04-11 Thread Nikhil Purbhe (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nikhil Purbhe updated RANGER-2064:
--
Fix Version/s: 1.1.0

> Ranger Usersync should use cookie based authentication for subsequent 
> requests to Ranger admin
> --
>
> Key: RANGER-2064
> URL: https://issues.apache.org/jira/browse/RANGER-2064
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger, usersync
>Reporter: Nikhil Purbhe
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: 1.1.0
>
>
> Ranger Usersync should use cookie based authentication for subsequent 
> requests to Ranger admin





[jira] [Updated] (RANGER-2064) Ranger Usersync should use cookie based authentication for subsequent requests to Ranger admin

2018-04-11 Thread Nikhil Purbhe (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nikhil Purbhe updated RANGER-2064:
--
Component/s: usersync

> Ranger Usersync should use cookie based authentication for subsequent 
> requests to Ranger admin
> --
>
> Key: RANGER-2064
> URL: https://issues.apache.org/jira/browse/RANGER-2064
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger, usersync
>Reporter: Nikhil Purbhe
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: 1.1.0
>
>
> Ranger Usersync should use cookie based authentication for subsequent 
> requests to Ranger admin





[jira] [Created] (RANGER-2064) Ranger Usersync should use cookie based authentication for subsequent requests to Ranger admin

2018-04-11 Thread Nikhil Purbhe (JIRA)
Nikhil Purbhe created RANGER-2064:
-

 Summary: Ranger Usersync should use cookie based authentication 
for subsequent requests to Ranger admin
 Key: RANGER-2064
 URL: https://issues.apache.org/jira/browse/RANGER-2064
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Reporter: Nikhil Purbhe
Assignee: Nikhil Purbhe


Ranger Usersync should use cookie based authentication for subsequent requests 
to Ranger admin





Re: Review Request 66504: RANGER-2058: Add SSL enabled Postgres support in Ranger Admin

2018-04-11 Thread Pradeep Agrawal

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66504/
---

(Updated April 11, 2018, 12:49 p.m.)


Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
---

Addressed review comment and removed optional verify-ca url parameter.


Bugs: RANGER-2058
https://issues.apache.org/jira/browse/RANGER-2058


Repository: ranger


Description (updated)
---

**Problem Statement:** Ranger cannot communicate with an SSL-enabled Postgres server


**Proposed Solution:**
To connect to an SSL-enabled Postgres server, the JDBC connection string could be:
=>For validating CA: "jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true".
=>For Non validating CA: 
"jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true".

The 'ssl=true' property is added to the JDBC URL to attempt to communicate via 
SSL. 
The 'sslfactory=org.postgresql.ssl.NonValidatingFactory' property is set to 
bypass certificate validation.
---
Following properties of install.properties file can be used to provide the SSL 
config options, keystore and truststore path to connect to SSL enabled Postgres 
server:

db_ssl_enabled=
db_ssl_required=
db_ssl_verifyServerCertificate=
db_ssl_auth_type=
javax_net_ssl_keyStore=
javax_net_ssl_keyStorePassword=
javax_net_ssl_trustStore=
javax_net_ssl_trustStorePassword=
---
**Rules:**
1. if [db_ssl_enabled=true] then the ranger admin/kms JDBC URL will attempt to 
communicate with postgres via SSL.
2. if [db_ssl_enabled=true and [db_ssl_required=false and 
db_ssl_verifyServerCertificate=false]] then the JDBC URL will have the parameter 
'sslfactory=org.postgresql.ssl.NonValidatingFactory' in it and CA validation 
will be skipped.
3. if [db_ssl_enabled=true and [db_ssl_required=true or 
db_ssl_verifyServerCertificate=true]] then CA validation will be mandatory. 
   3.1) if [db_ssl_auth_type=1-way] then the user has to provide the certificate 
and password through the truststore 
properties (javax_net_ssl_trustStore, javax_net_ssl_trustStorePassword). 
   3.2) if [db_ssl_auth_type=2-way] then the user has to provide the keystore and 
password through the keystore 
properties (javax_net_ssl_keyStore, javax_net_ssl_keyStorePassword) and the CA 
certificate and password through the truststore 
properties (javax_net_ssl_trustStore, javax_net_ssl_trustStorePassword).

**Note:**
Ranger application and jisql utility should know from where to pick the 
certificates which can be set in the System properties like this :
-Djavax.net.ssl.keyStore=path_to_keystore_file
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=path_to_truststore_file
-Djavax.net.ssl.trustStorePassword=password


Diffs (updated)
-

  kms/scripts/db_setup.py a431b60 
  kms/scripts/dba_script.py bcd4aa2 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 12585ca 
  security-admin/scripts/db_setup.py b8664d2 
  security-admin/scripts/dba_script.py 69fff41 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 
edd9d36 


Diff: https://reviews.apache.org/r/66504/diff/2/

Changes: https://reviews.apache.org/r/66504/diff/1-2/


Testing
---

**Steps Performed(with patch):**
Installed Postgres and enabled SSL with the help of doc : 
https://www.postgresql.org/docs/9.5/static/ssl-tcp.html

Untar ranger-admin from Build having changes of proposed patch.
Provided ranger db root and admin db details in install.properties.
Provided values for below properties of install.properties file.
db_ssl_enabled=true
db_ssl_required=true
db_ssl_verifyServerCertificate=true
db_ssl_auth_type=1-way
javax_net_ssl_keyStore=/root/keystore
javax_net_ssl_keyStorePassword=secret
javax_net_ssl_trustStore=/root/truststore
javax_net_ssl_trustStorePassword=secret

Executed setup.sh script.

Tried to start ranger admin service.

**Expected behaviour :** Ranger admin should start normally and the user should 
be able to see the Dashboard page after login.

**Actual behaviour :** Ranger admin was started and was able to login and see 
Ranger UI.

**Note :** 
Tested Ranger admin and Ranger kms on SSL enabled Postgres with one-way and 
two-way ssl configurations.
Tried below combination of SSL properties also with different ranger db 
combination to install ranger admin and ranger kms.

db_ssl_enabled|db_ssl_required|db_ssl_verifyServerCertificate|db_ssl_auth_type|javax_net_ssl_keyStore|javax_net_ssl_trustStore
TRUE|TRUE|TRUE|2-way|provided|provided
TRUE|TRUE|TRUE|2-way|provided|not provided
TRUE|TRUE|TRUE|2-way|not provided|provided
TRUE|TRUE|TRUE|2-way|not provided|not provided
TRUE|TRUE|TRUE|1-way|provided|provided
TRUE|TRUE|TRUE|1-way|provided|not provided
TRUE|TRUE|TRUE|1-way|not provided|provided
TRUETRUE
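
Rules 1 to 3 of the review request above can be checked mechanically before running setup, which makes it visible when a given install.properties ends up without CA validation. The following is an added example, not code from Ranger's db_setup.py or from the patch; the function names, the `&` used to join URL parameters, and the handling of an unrecognised db_ssl_auth_type are assumptions.

```python
# Added example (not Ranger's db_setup.py): evaluates the db_ssl_* rules
# quoted in the review request against install.properties-style text.

NON_VALIDATING = "sslfactory=org.postgresql.ssl.NonValidatingFactory"
TRUSTSTORE = ["javax_net_ssl_trustStore", "javax_net_ssl_trustStorePassword"]
KEYSTORE = ["javax_net_ssl_keyStore", "javax_net_ssl_keyStorePassword"]


def parse_properties(text):
    """Parse key=value lines; blank lines and # comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def is_true(props, key):
    return props.get(key, "").lower() == "true"


def evaluate_db_ssl(props, base_url):
    """Return (jdbc_url, ca_validated, findings) for rules 1-3."""
    if not is_true(props, "db_ssl_enabled"):
        return base_url, False, ["db_ssl_enabled is not true: connection is not SSL"]
    url = base_url + "?ssl=true"                       # rule 1
    if not (is_true(props, "db_ssl_required")
            or is_true(props, "db_ssl_verifyServerCertificate")):
        # Rule 2: the non-validating factory is appended, so the server
        # certificate is not checked. Joining with '&' is an assumption.
        return (url + "&" + NON_VALIDATING, False,
                ["CA validation skipped (NonValidatingFactory)"])
    # Rule 3: CA validation is mandatory; check the stores each mode needs.
    auth_type = props.get("db_ssl_auth_type", "")
    if auth_type == "1-way":
        needed = TRUSTSTORE                            # rule 3.1
    elif auth_type == "2-way":
        needed = KEYSTORE + TRUSTSTORE                 # rule 3.2
    else:
        # Assumption: the page does not say what happens for other values.
        return url, True, ["db_ssl_auth_type must be 1-way or 2-way"]
    findings = ["missing " + k for k in needed if not props.get(k)]
    return url, True, findings


BASE_URL = "jdbc:postgresql://127.0.0.1:3306/ranger"   # URL form used on the page

# Values from the Testing section of the review request.
TESTED = """db_ssl_enabled=true
db_ssl_required=true
db_ssl_verifyServerCertificate=true
db_ssl_auth_type=1-way
javax_net_ssl_keyStore=/root/keystore
javax_net_ssl_keyStorePassword=secret
javax_net_ssl_trustStore=/root/truststore
javax_net_ssl_trustStorePassword=secret
"""

# Constructed sample: SSL on, both verification flags off (rule 2).
LAX = "db_ssl_enabled=true\ndb_ssl_required=false\ndb_ssl_verifyServerCertificate=false\n"

# Constructed sample: 2-way requested but no keystore path given (rule 3.2).
INCOMPLETE = TESTED.replace("1-way", "2-way").replace(
    "javax_net_ssl_keyStore=/root/keystore", "javax_net_ssl_keyStore=")

if __name__ == "__main__":
    for name, text in (("tested", TESTED), ("lax", LAX), ("incomplete", INCOMPLETE)):
        print(name, evaluate_db_ssl(parse_properties(text), BASE_URL))
```

A `ca_validated` value of False together with an `ssl=true` URL is the combination worth flagging in review: the channel is encrypted but the server's identity is not verified.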

Re: Review Request 66509: RANGER-2060 : Knox proxy with knox-sso is not working for ranger

2018-04-11 Thread Mehul Parikh

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66509/#review200896
---


Ship it!




Ship It!

- Mehul Parikh


On April 9, 2018, 2:33 p.m., Vishal Suvagia wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66509/
> ---
> 
> (Updated April 9, 2018, 2:33 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2060
> https://issues.apache.org/jira/browse/RANGER-2060
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Knox proxy with Knox-SSO is not working in a case when HA is enabled for both 
> Ranger and Knox.
> 
> If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as 
> ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on  
> knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and 
> knox2.abc.com.
> 
> If Ranger load-balancer URL is used in the knox topology for knox-proxy 
> ui.xml, redirected url gets corrupted as:
> knoxha.abc.com:8443/gateway/?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger
> 
> Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for 
> Ranger to login.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
>  ec6d78d 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
>  22ba524 
> 
> 
> Diff: https://reviews.apache.org/r/66509/diff/1/
> 
> 
> Testing
> ---
> 
> Verified Knox-SSO and Knox-Proxy authentication to be working for 
> Ranger-Admin in simple and kerberos enabled environments.
> 
> 
> Thanks,
> 
> Vishal Suvagia
> 
>



Re: Review Request 66499: RANGER-2062: Update jQuery version

2018-04-11 Thread Mehul Parikh

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66499/#review200897
---


Ship it!




Ship It!

- Mehul Parikh


On April 9, 2018, 6:07 a.m., Nitin Galave wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66499/
> ---
> 
> (Updated April 9, 2018, 6:07 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2062
> https://issues.apache.org/jira/browse/RANGER-2062
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently, we are using v1.10.2 jQuery version. We can update to v3.3.1 
> jQuery's latest stable version and their dependencies.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/index.html 909dbeb 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/animated-overlay.gif
>  d441f75ebfbdf26a265dfccd670120d25c0a341c 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_flat_0_aa_40x100.png
>  4743d097e113d529cde4bf0d631f58628f9efd06 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_flat_75_ff_40x100.png
>  ca779e35d80700d99e6bb5b54d9dbabf46827fce 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_glass_55_fbf9ee_1x400.png
>  664038172ae06863108ee1731aac596863b44933 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_glass_65_ff_1x400.png
>  d3277b5e96a47e3e8364682d3ea30abb3cb1d7fc 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_glass_75_dadada_1x400.png
>  7eda20a5976a72088b0706f05ed49f5a5e04ca53 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_glass_75_e6e6e6_1x400.png
>  f4d86b963e90b5663fd2c3e9f88f4641a06928ba 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_glass_95_fef1ec_1x400.png
>  8500938dc41e87842f06c8f93b5836033feff799 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_highlight-soft_75_cc_1x100.png
>  4795f6973736b7afc605ea3fed919b0d8a3f7f8f 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-icons_22_256x240.png
>  c7dab3120628e3bbddb13c20d5bd8de65453ec9d 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-icons_2e83ff_256x240.png
>  e04e87a76bffb4c17567ba3644110e6bcaf6c05d 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-icons_454545_256x240.png
>  825ce7bf07b540a90293f33df26df989a7de0194 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-icons_88_256x240.png
>  e2d9f906b767f43a1617ac3c9e7efbbb027f98c8 
>   
> security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-icons_cd0a0a_256x240.png
>  b13299903c2de9d0bcc91d4dcaa81a7258ae4d92 
>   security-admin/src/main/webapp/libs/bower/jquery-ui/css/jquery-ui.css 
> 572ed8a 
>   security-admin/src/main/webapp/libs/bower/jquery-ui/css/jquery-ui.min.css 
> b8b6f0a 
>   security-admin/src/main/webapp/libs/bower/jquery-ui/css/jquery.ui.theme.css 
> 19e5839 
>   security-admin/src/main/webapp/libs/bower/jquery-ui/js/jquery-ui.min.js 
> 82bbb67 
>   security-admin/src/main/webapp/libs/bower/jquery/js/jquery-1.10.2.js 
> c5c6482 
>   security-admin/src/main/webapp/libs/bower/jquery/js/jquery-3.3.1.js 
> PRE-CREATION 
>   security-admin/src/main/webapp/libs/bower/jquery/js/jquery-3.3.1.min.js 
> PRE-CREATION 
>   security-admin/src/main/webapp/libs/bower/jquery/js/jquery-migrate.js 
> 942cb8b 
>   security-admin/src/main/webapp/libs/bower/jquery/js/jquery-migrate.min.js 
> eb3ecb1 
>   security-admin/src/main/webapp/libs/bower/jquery/js/jquery.js c5c6482 
>   security-admin/src/main/webapp/libs/bower/jquery/js/jquery.min.js 29b3a2c 
>   security-admin/src/main/webapp/libs/bower/jquery/js/jquery.min.map 7dc9c7d 
>   security-admin/src/main/webapp/libs/bower/tag-it/js/tag-it.js 3adcf4c 
>   security-admin/src/main/webapp/libs/bower/tag-it/js/tag-it.min.js fd6140c 
>   
> security-admin/src/main/webapp/libs/bower/x-editable/js/bootstrap-editable.min.js
>  a994677 
>   
> security-admin/src/main/webapp/libs/other/jquery-ui/css/images/ui-icons_44_256x240.png
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/libs/other/jquery-ui/css/images/ui-icons_55_256x240.png
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/libs/other/jquery-ui/css/images/ui-icons_777620_256x240.png
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/libs/other/jquery-ui/css/images/ui-icons_77_256x240.png
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/libs/other/jquery-ui/css/images/ui-icons_cc_256x240.png
>  PRE-CREATION 
>   
>