[jira] [Updated] (RANGER-2094) Handle Export Policy feature for different browsers
[ https://issues.apache.org/jira/browse/RANGER-2094?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mehul Parikh updated RANGER-2094: - Attachment: RANGER-2094.patch > Handle Export Policy feature for different browsers > --- > > Key: RANGER-2094 > URL: https://issues.apache.org/jira/browse/RANGER-2094 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 1.1.0 >Reporter: Mehul Parikh >Assignee: Mehul Parikh >Priority: Major > Fix For: 1.1.0 > > Attachments: RANGER-2094.patch > > > * Policies are not getting exported in Firefox 59. > * "Add validity period" button is not working in Internet Explore 11. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (RANGER-2094) Handle Export Policy featurefor firefox and IE
Mehul Parikh created RANGER-2094: Summary: Handle Export Policy featurefor firefox and IE Key: RANGER-2094 URL: https://issues.apache.org/jira/browse/RANGER-2094 Project: Ranger Issue Type: Bug Components: admin Affects Versions: 1.1.0 Reporter: Mehul Parikh Assignee: Mehul Parikh Fix For: 1.1.0 * Policies are not getting exported in Firefox 59. * "Add validity period" button is not working in Internet Explore 11. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2094) Handle Export Policy feature for different browsers
[ https://issues.apache.org/jira/browse/RANGER-2094?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mehul Parikh updated RANGER-2094: - Summary: Handle Export Policy feature for different browsers (was: Handle Export Policy featurefor firefox and IE ) > Handle Export Policy feature for different browsers > --- > > Key: RANGER-2094 > URL: https://issues.apache.org/jira/browse/RANGER-2094 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 1.1.0 >Reporter: Mehul Parikh >Assignee: Mehul Parikh >Priority: Major > Fix For: 1.1.0 > > > * Policies are not getting exported in Firefox 59. > * "Add validity period" button is not working in Internet Explore 11. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Ranger user sync with Identity Server on a kerberized cluster
Hi Sirisha Ranger supports LDAP, Linux users and files to sync users. UserSync is an independent process and you should be able to add support for custom user sources. Thanks Bosco From: "CHODISETTY, LAKSHMI SIRISHA" Reply-To: Date: Thursday, March 1, 2018 at 1:28 AM To: "dev@ranger.apache.org" Subject: Ranger user sync with Identity Server on a kerberized cluster Hi Team, Is it possible to use Identity Server for configuring Ranger user sync ? If possible, could you just share the steps to do the same ? I’m using Azure hadoop clusters that are provisioned using cloud break and the set up is kerberized. With best regards, Sirisha Chodisetty Siemens Technology and Services Private Limited CT RDA BAM ADM-IN 84, Hosur Road Bengaluru 560100, Indien Mobil: +91 9731149224 mailto:lakshmi.chodise...@siemens.com www.siemens.co.in/STS www.siemens.com/ingenuityforlife Registered Office: Unit 501/C-1, 5th Floor, Poonam Chambers, A Wing, Dr. Annie Besant Road, Worli, Mumbai – 400018. Telephone +91 22 39677000. Fax +91 22 24362404. Other Offices: Bangalore, Chennai, Gurgaon, Noida, Pune. Corporate Identity number: U9MH1986PTC093854
[jira] [Commented] (RANGER-2086) Resource data mask policy overrides when both tag and resource datamask policies match
[ https://issues.apache.org/jira/browse/RANGER-2086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16463245#comment-16463245 ] Don Bosco Durai commented on RANGER-2086: - [~abhayk] , when there are conflicting policies, which takes preference? Thanks > Resource data mask policy overrides when both tag and resource datamask > policies match > -- > > Key: RANGER-2086 > URL: https://issues.apache.org/jira/browse/RANGER-2086 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0, master >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: master, 1.1.0 > > > If both tag and resource data-mask policies match accessed hive resource, > mask-specification in the resource policy is always used. The audit log > record is inconsistent in that it contains tag-policy-id as determining > data-mask policy, but the masking specification is from resource policy. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix if required.
Thanks
Bosco
On 4/26/18, 3:58 AM, "scan-ad...@coverity.com" wrote:
Hi,
Please find the latest report on new defect(s) introduced to Apache Ranger
found with Coverity Scan.
2 new defect(s) introduced to Apache Ranger found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 175488: Concurrent data access violations (GUARDED_BY_VIOLATION)
/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java:
100 in
org.apache.ranger.audit.provider.AuditProviderFactory.getAuditProvider()()
*** CID 175488: Concurrent data access violations (GUARDED_BY_VIOLATION)
/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java:
100 in
org.apache.ranger.audit.provider.AuditProviderFactory.getAuditProvider()()
94 }
95
96 return ret;
97 }
98
99 public AuditHandler getAuditProvider() {
>>> CID 175488: Concurrent data access violations
(GUARDED_BY_VIOLATION)
>>> Accessing "mProvider" without holding lock
"AuditProviderFactory.this". Elsewhere,
"org.apache.ranger.audit.provider.AuditProviderFactory.mProvider" is accessed
with "AuditProviderFactory.this" held 12 out of 14 times.
100 return mProvider;
101 }
102
103 public boolean isInitDone() {
104 return mInitDone;
105 }
** CID 175487: Concurrent data access violations (GUARDED_BY_VIOLATION)
/agents-audit/src/main/java/org/apache/ranger/audit/provider/StandAloneAuditProviderFactory.java:
30 in
org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.getInstance()()
*** CID 175487: Concurrent data access violations (GUARDED_BY_VIOLATION)
/agents-audit/src/main/java/org/apache/ranger/audit/provider/StandAloneAuditProviderFactory.java:
30 in
org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.getInstance()()
24 public class StandAloneAuditProviderFactory extends
AuditProviderFactory {
25 private static final Log LOG =
LogFactory.getLog(StandAloneAuditProviderFactory.class);
26
27 private volatile static StandAloneAuditProviderFactory sFactory
= null;
28
29 public static StandAloneAuditProviderFactory getInstance() {
>>> CID 175487: Concurrent data access violations
(GUARDED_BY_VIOLATION)
>>> Accessing
"org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.sFactory"
without holding lock "StandAloneAuditProviderFactory.class". Elsewhere,
"org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.sFactory" is
accessed with "StandAloneAuditProviderFactory.class" held 2 out of 3 times.
30 StandAloneAuditProviderFactory ret = sFactory;
31 if(ret == null) {
32
synchronized(StandAloneAuditProviderFactory.class) {
33 ret = sFactory;
34 if(ret == null) {
35 ret = sFactory = new
StandAloneAuditProviderFactory();
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsLhPfb3E6V5V-2Bwt8Adm86gM2cnAZ2hrO1Y-2F6us8dR3EF7fY8Tws4-2F0PXD-2BEipSC1NtRVGpgdtz2N0uvJ-2FS49EzG4i1MBSZ5Et7ycsWxCks7WU5ImW8FlANWFHxs7qzHVhm2At1G5boP5hlATiOo8dt1-2FEdUVyWaaPJjUSCSXXoLQ-3D-3D
To manage Coverity Scan email notifications for "bo...@apache.org", click
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4HK0JLY-2BbZ-2FD0yvjg-2BbWSwquqqdEYtbR9nIDW-2BM81kI8TiABM2LsH3tiPfMWf-2FvOsjZSWngS5IRVC-2FH5Pl4zyaK1OE6Dh-2BhR6pXASEFJKZLM-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsLhPfb3E6V5V-2Bwt8Adm86glScWFQ9LnZJXWPMF2H6d1JXfJmfwJ5-2FAytpNDdIltC-2FC-2BbdAHtk1gEX94Xtx3XqWvAS6yKrJasMe644B9Q2KB2dkxjOP4Xhgw95pyOdRbrpET3pZbO4grNVDrVc2gXjNKSni-2F1bN3pUJ0x82uAqwlQ-3D-3D
[jira] [Created] (RANGER-2093) RangerHiveAuthorizer showPrivileges should show Hive Objects ACLs from Ranger
Ramesh Mani created RANGER-2093: --- Summary: RangerHiveAuthorizer showPrivileges should show Hive Objects ACLs from Ranger Key: RANGER-2093 URL: https://issues.apache.org/jira/browse/RANGER-2093 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 1.1.0 Reporter: Ramesh Mani Assignee: Ramesh Mani Fix For: 1.1.0 RangerHiveAuthorizer showPrivileges should show Hive Resources ACLs from Ranger Policies Currently StandardSQLAuth ACLs is shown when the call is made and this is misleading. Proposal is to show privileges for a Hive Resource or Hive Resource and user/group from Ranger Policies when ranger plugin is enabled for hive. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1837) Enhance Ranger Audit to HDFS to support ORC file format
[
https://issues.apache.org/jira/browse/RANGER-1837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16463009#comment-16463009
]
Ramesh Mani commented on RANGER-1837:
-
[~bosco] [~risdenk]
Please review this and feed back on this. Thanks much!
> Enhance Ranger Audit to HDFS to support ORC file format
> ---
>
> Key: RANGER-1837
> URL: https://issues.apache.org/jira/browse/RANGER-1837
> Project: Ranger
> Issue Type: Improvement
> Components: audit
>Reporter: Kevin Risden
>Assignee: Ramesh Mani
>Priority: Major
> Attachments:
> 0001-RANGER-1837-Enhance-Ranger-Audit-to-HDFS-to-support-.patch,
> 0001-RANGER-1837-Enhance-Ranger-Audit-to-HDFS-to-support-002.patch,
> 0001-RANGER-1837-Enhance-Ranger-Audit-to-HDFS-to-support_001.patch,
> AuditDataFlow.png
>
>
> My team has done some research and found that Ranger HDFS audits are:
> * Stored as JSON objects (one per line)
> * Not compressed
> This is currently very verbose and would benefit from compression since this
> data is not frequently accessed.
> From Bosco on the mailing list:
> {quote}You are right, currently one of the options is saving the audits in
> HDFS itself as JSON files in one folder per day. I have loaded these JSON
> files from the folder into Hive as compressed ORC format. The compressed
> files in ORC were less than 10% of the original size. So, it was significant
> decrease in size. Also, it is easier to run analytics on the Hive tables.
>
> So, there are couple of ways of doing it.
>
> Write an Oozie job which runs every night and loads the previous day worth
> audit logs into ORC or other format
> Write a AuditDestination which can write into the format you want to.
>
> Regardless which approach you take, this would be a good feature for
> Ranger.{quote}
> http://mail-archives.apache.org/mod_mbox/ranger-user/201710.mbox/%3CCAJU9nmiYzzUUX1uDEysLAcMti4iLmX7RE%3DmN2%3DdoLaaQf87njQ%40mail.gmail.com%3E
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
