date:20221006

Re: Review Request 74148: Roles deletion Takes time in Apache Ranger when there are more users, groups, roles

2022-10-06 Thread Madhan Neethiraj



> On Oct. 5, 2022, 4:09 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java
> > Lines 139 (patched)
> > 
> >
> > Current behavior is to delete all IDs in one call. To retain this, 
> > consider the following:
> > 
> >   if (BATCH_DELETE_BATCH_SIZE < 0) {
> > getEntityManager().createNamedQuery(namedQuery, tClass)
> >   .setParameter(paramName, 
> > ids).executeUpdate();
> >   } else {
> > // batch deletes
> >   }
> 
> Ramachandran Krishnan wrote:
> When the list size is above 1000, this flow will not work due to the 
> limitation of inclause values size.
> As far as i know better we keep batch deletes to avoid those kind of 
> errors .

deleting one at a time will retain the behavior for cleanupRefTables(), which 
currently deletes one entity at a time. However, other use of bulk-delete 
currently delete all entities in one call; these will be changed to delete one 
at a time. Hence my suggestion above.


- Madhan


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74148/#review224750
---


On Oct. 7, 2022, 3:37 a.m., Ramachandran Krishnan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74148/
> ---
> 
> (Updated Oct. 7, 2022, 3:37 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, 
> Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3900
> https://issues.apache.org/jira/browse/RANGER-3900
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We used DB batch write call instead of 1 DB write call for every 
> user,role,group deference
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 
> 56f7ec4c8 
>   security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java 
> fc56ff88b 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefAccessTypeDao.java
>  a8233e30c 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefConditionDao.java
>  bc17fcdb0 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefDataMaskTypeDao.java
>  df5f7cd94 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefGroupDao.java 
> dc41aeadb 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefResourceDao.java 
> 738c6ff49 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefRoleDao.java 
> 35433c758 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefUserDao.java 
> eced7b261 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleRefGroupDao.java 
> eb470f260 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleRefRoleDao.java 
> 8f6fc8cfa 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleRefUserDao.java 
> ba9fb494b 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 
> 
> 
> Diff: https://reviews.apache.org/r/74148/diff/4/
> 
> 
> Testing
> ---
> 
> test with 1 Role contains 1k other roles and 1k groups 
> while deleting the role it took 11.577 seconds
> After fix
> it took 1.021 seconds
> 
> 
> Thanks,
> 
> Ramachandran Krishnan
> 
>

[jira] [Commented] (RANGER-3010) Rest API 'addUsersAndGroups' issue

2022-10-06 Thread Ramachandran (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-3010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17613850#comment-17613850
 ] 

Ramachandran commented on RANGER-3010:
--

Added  QueryParam annotation as part of the existing  and new  Rest API 
contract to make it clear understanding for the end users:

Existing API's

PublicAPIsv2:

/api/roles/\{id}/addUsersAndGroups
/api/roles/\{id}/removeUsersAndGroups
/api/roles/\{id}/removeAdminFromUsersAndGroups

RoleREST:

/roles/roles/\{id}/addUsersAndGroups
/roles/roles/\{id}/removeUsersAndGroups
/roles/roles/\{id}/removeAdminFromUsersAndGroups

New API's:

PublicAPIsv2:

/api/roles/name/\{name}/addUsersAndGroups
/api/roles/name/\{name}/removeUsersAndGroups
/api/roles/name/\{name}/removeAdminFromUsersAndGroups

RoleREST:

/roles/roles/name/\{name}/addUsersAndGroups
/roles/roles/name/\{name}/removeUsersAndGroups
/roles/roles/name/\{name}/removeAdminFromUsersAndGroups

 

cc >> [~mad...@apache.org]  [~vel] [~pradeep] 

> Rest API 'addUsersAndGroups' issue
> --
>
> Key: RANGER-3010
> URL: https://issues.apache.org/jira/browse/RANGER-3010
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: leo sun
>Assignee: Ramachandran
>Priority: Major
> Attachments: 0001-RANGER-3010-Rest-API-addUsersAndGroups-issue.patch
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> I want to use Ranger API functions - addUsersAndGroups & removeUsersAndGroups 
> to manage users and groups of role. But official reference don't have 
> suitable example for these two APIs. And my all attempts failed.
> Another point: For example, I found the input type of addUsersAndGroups is 
> Boolean on official web, but the input of the implement function is two 
> string list and one boolean.
> I don't know how to use it. Could you help me with this? [~abhayk]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74148: Roles deletion Takes time in Apache Ranger when there are more users, groups, roles

2022-10-06 Thread Ramachandran Krishnan


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74148/
---

(Updated Oct. 7, 2022, 3:37 a.m.)


Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep 
Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-3900
https://issues.apache.org/jira/browse/RANGER-3900


Repository: ranger


Description
---

We used DB batch write call instead of 1 DB write call for every 
user,role,group deference


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 
56f7ec4c8 
  security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java 
fc56ff88b 
  
security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefAccessTypeDao.java 
a8233e30c 
  
security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefConditionDao.java 
bc17fcdb0 
  
security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefDataMaskTypeDao.java
 df5f7cd94 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefGroupDao.java 
dc41aeadb 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefResourceDao.java 
738c6ff49 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefRoleDao.java 
35433c758 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefUserDao.java 
eced7b261 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleRefGroupDao.java 
eb470f260 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleRefRoleDao.java 
8f6fc8cfa 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleRefUserDao.java 
ba9fb494b 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 


Diff: https://reviews.apache.org/r/74148/diff/4/

Changes: https://reviews.apache.org/r/74148/diff/3-4/


Testing
---

test with 1 Role contains 1k other roles and 1k groups 
while deleting the role it took 11.577 seconds
After fix
it took 1.021 seconds


Thanks,

Ramachandran Krishnan

Re: Review Request 74142: RangerExternalUserStoreRetriever class Ranger-3855

2022-10-06 Thread Don Bosco Durai


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74142/#review224760
---




agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 34 (patched)


Could we document what this configFile should contain? If it is user 
entered, then can we validate that it has all the fields we are expecting?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 44 (patched)


Does this have sensitive information? If so, we should print in debug logs



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 50 (patched)


Should strToken = null? So that the caller would know if the request failed?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 58 (patched)


Should we check if the post was successfull? E.g. check for HTTP return 
code?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 63 (patched)


Instead of doing e.toString(), can we just pass "e" to the logger? So the 
stack trace will be printed?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 64 (patched)


Since we are printing using logger, do we need to print to stderr also?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 67 (patched)


Would the response be null if the Unirest.post() throws an Exception? We 
could probably move this code within the try block above



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromDataFile.java
Lines 35 (patched)


Any reason this is class member attribute rather than defining it within 
the method getFromDataFile(). If i t is okay to have it class member attribute, 
then should we worry about multi-thread safety scenarios?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromDataFile.java
Lines 48 (patched)


We should probably ident this properly. It seems as if though it is closing 
the try block.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromDataFile.java
Lines 60 (patched)


Can we pass the exception as ",e", so that we can print the stack trace?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromURL.java
Lines 39 (patched)


What should we do if the GetBearerToken.getBearerToken() fails for any 
reason?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromURL.java
Lines 49 (patched)


Should return from here or rethrow the exception if the Unirest.get() 
request fails?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromURL.java
Lines 50 (patched)


Do we need to print in stderr



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/HandleSecrets.java
Lines 34 (patched)


Any reason we are having this has class static? It seems, line number 39 
redefines it with the class method? Same the member attribute decodedSecrets 
also



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/HandleSecrets.java
Lines 41 (patched)


Is it secure to print sensitive information?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/HandleSecrets.java
Lines 50 (patched)


Is it secure to print sensitive information?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/HandleSecrets.java
Lines 55 (patched)

Re: Review Request 74142: RangerExternalUserStoreRetriever class Ranger-3855

2022-10-06 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74142/#review224759
---




agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 19 (patched)


By convention, package names are in all lowercase letters. Consider 
renaming this package to "externalretrievers".



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 41 (patched)


How about using gson object instantiated at #32, instead of instantiating 
it for every call to getBearerToken()?



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
Lines 48 (patched)


Ranger libraries use HttpClient library for HTTP calls - 
https://hc.apache.org/httpcomponents-client-4.5.x/index.html#. To avoid 
additional dependency of unirest libraries, I suggest to use HttpClient library.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/HandleSecrets.java
Lines 34 (patched)


static members encodedSecrets and decodedSecrets are unused. Please review 
and remove.



agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/pom.xml
Lines 18 (patched)


Is this pom.xml file necessary? Please review and remove if unused.


- Madhan Neethiraj


On Sept. 26, 2022, 7:17 p.m., Barbara Eckman wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74142/
> ---
> 
> (Updated Sept. 26, 2022, 7:17 p.m.)
> 
> 
> Review request for ranger and madhan.
> 
> 
> Bugs: Ranger-3855
> https://issues.apache.org/jira/browse/Ranger-3855
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RangerExternalUserStoreRetriever class Ranger-3855
> 
> Ranger version 3.0.0 provides a means, via a context enricher, to add or 
> retrieve attributes to the database of users for whom Ranger controls access. 
> This permits syntax like "Dumbo" in $USER.aliases any Ranger policy 
> condition, including row and tag filters.   This greatly enhances the ability 
> to provide custom Attribute-based Access Control based on the specific 
> business needs of one's organization.
> 
> I believe that the original assumption was that such attributes would be 
> added to AD/LDAP and enter Ranger via regular user sync's. However, this 
> process does not currently work with Azure AD, which many organizations use. 
> Neither does it provide timely support for organizations for whom adding each 
> new attribute to AD would be subject to prolonged scrutiny by overworked 
> security teams.  
> 
> In the spirit of the RangerAdminUserStoreRetriever context enricher, we have 
> written a RangerExternalUserStoreRetriever class which adds arbitrary 
> attributes to Ranger users via external API calls, thus freeing additions to 
> the UserStore from dependency on AD/LDAP.   We have also written a 
> RangerRoleUserStoreRetriever class, which transforms role membership into 
> user attributes, for ease of use in complex policy conditions.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromDataFile.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromURL.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/HandleSecrets.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/LICENSE
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/NOTICE
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/README.md
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/RangerExternalUserStoreRetriever.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/RangerRoleUserStoreRetriever.java
>  PRE-CREATION 
>   
>

Re: Review Request 74148: Roles deletion Takes time in Apache Ranger when there are more users, groups, roles

2022-10-06 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74148/#review224757
---




security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
Line 168 (original), 172 (patched)


With the new findByRoleId() methods returning List, how about 
directly assigning to xxRoleRefUserIds, xxRoleRefRoleIds and 
xxRoleRefGroupByIds - like:
  List xxRoleRefUserIds= xRoleUserDao.findIdsByRoleId(roleId);
  List xxRoleRefRoleIds= xRoleRoleDao.findIdsByRoleId(roleId);
  List xxRoleRefGroupByIds = xRoleGroupDao.findIdsByRoleId(roleId);


- Madhan Neethiraj


On Oct. 6, 2022, 6:09 p.m., Ramachandran Krishnan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74148/
> ---
> 
> (Updated Oct. 6, 2022, 6:09 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, 
> Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3900
> https://issues.apache.org/jira/browse/RANGER-3900
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We used DB batch write call instead of 1 DB write call for every 
> user,role,group deference
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 
> 56f7ec4c8 
>   security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java 
> fc56ff88b 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefAccessTypeDao.java
>  a8233e30c 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefConditionDao.java
>  bc17fcdb0 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefDataMaskTypeDao.java
>  df5f7cd94 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefGroupDao.java 
> dc41aeadb 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefResourceDao.java 
> 738c6ff49 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefRoleDao.java 
> 35433c758 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefUserDao.java 
> eced7b261 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleRefGroupDao.java 
> eb470f260 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleRefRoleDao.java 
> 8f6fc8cfa 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleRefUserDao.java 
> ba9fb494b 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 
> 
> 
> Diff: https://reviews.apache.org/r/74148/diff/3/
> 
> 
> Testing
> ---
> 
> test with 1 Role contains 1k other roles and 1k groups 
> while deleting the role it took 11.577 seconds
> After fix
> it took 1.021 seconds
> 
> 
> Thanks,
> 
> Ramachandran Krishnan
> 
>

Re: Review Request 74148: Roles deletion Takes time in Apache Ranger when there are more users, groups, roles

2022-10-06 Thread Ramachandran Krishnan


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74148/
---

(Updated Oct. 6, 2022, 6:09 p.m.)


Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep 
Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-3900
https://issues.apache.org/jira/browse/RANGER-3900


Repository: ranger


Description
---

We used DB batch write call instead of 1 DB write call for every 
user,role,group deference


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 
56f7ec4c8 
  security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java 
fc56ff88b 
  
security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefAccessTypeDao.java 
a8233e30c 
  
security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefConditionDao.java 
bc17fcdb0 
  
security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefDataMaskTypeDao.java
 df5f7cd94 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefGroupDao.java 
dc41aeadb 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefResourceDao.java 
738c6ff49 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefRoleDao.java 
35433c758 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefUserDao.java 
eced7b261 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleRefGroupDao.java 
eb470f260 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleRefRoleDao.java 
8f6fc8cfa 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleRefUserDao.java 
ba9fb494b 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 


Diff: https://reviews.apache.org/r/74148/diff/3/

Changes: https://reviews.apache.org/r/74148/diff/2-3/


Testing
---

test with 1 Role contains 1k other roles and 1k groups 
while deleting the role it took 11.577 seconds
After fix
it took 1.021 seconds


Thanks,

Ramachandran Krishnan

[jira] [Resolved] (RANGER-3943) Add "follow roles" to Reports

2022-10-06 Thread Erplus (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-3943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Erplus resolved RANGER-3943.

Resolution: Duplicate

Missclick, my bad.

> Add "follow roles" to Reports
> -
>
> Key: RANGER-3943
> URL: https://issues.apache.org/jira/browse/RANGER-3943
> Project: Ranger
>  Issue Type: Wish
>  Components: admin, Ranger
>Reporter: Erplus
>Priority: Major
>
> When i want to find all privileges for a specific user or group i cannot find 
> all of them becaulse searching doesn't follow roles.
> Reproduce:
>  # Create user _usertest_
>  # Create role _roletest_
>  # Add _usertest_ _to roletest_
>  # Add some permissions for _roletest_ to some resource in any service
>  # Go to Reports
>  # In "Search criteria" put in "search by" "username" _usertest_ and click 
> search
>  # You cannot see priviliges of _usertest_ which are inherited from _roletest_
> My propose: add feature as checkbox "follow roles" side by search criteria 
> for username and group. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-3944) Add "follow roles" to Reports

2022-10-06 Thread Erplus (Jira)

Erplus created RANGER-3944:
--

 Summary: Add "follow roles" to Reports
 Key: RANGER-3944
 URL: https://issues.apache.org/jira/browse/RANGER-3944
 Project: Ranger
  Issue Type: Wish
  Components: admin, Ranger
Reporter: Erplus


When i want to find all privileges for a specific user or group i cannot find 
all of them because a searching doesn't follow roles.

How to reproduce:
 # Create user _usertest_
 # Create role _roletest_
 # Add _usertest_ _to roletest_
 # Add some permissions for _roletest_ to some resource in any service
 # Go to Reports
 # In "Search criteria" put in "search by" "username" _usertest_ and click 
search
 # You cannot see priviliges of _usertest_ which are inherited from _roletest_

My proposal: add feature as checkbox "follow roles" side by search criteria for 
username and group. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-3943) Add "follow roles" to Reports

2022-10-06 Thread Erplus (Jira)

Erplus created RANGER-3943:
--

 Summary: Add "follow roles" to Reports
 Key: RANGER-3943
 URL: https://issues.apache.org/jira/browse/RANGER-3943
 Project: Ranger
  Issue Type: Wish
  Components: admin, Ranger
Reporter: Erplus


When i want to find all privileges for a specific user or group i cannot find 
all of them becaulse searching doesn't follow roles.

Reproduce:
 # Create user _usertest_
 # Create role _roletest_
 # Add _usertest_ _to roletest_
 # Add some permissions for _roletest_ to some resource in any service
 # Go to Reports
 # In "Search criteria" put in "search by" "username" _usertest_ and click 
search
 # You cannot see priviliges of _usertest_ which are inherited from _roletest_

My propose: add feature as checkbox "follow roles" side by search criteria for 
username and group. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-3942) HA for HDFS service with active-standby namenodes works wrong

2022-10-06 Thread Jira

Paweł created RANGER-3942:
-

 Summary: HA for HDFS service with active-standby namenodes works 
wrong
 Key: RANGER-3942
 URL: https://issues.apache.org/jira/browse/RANGER-3942
 Project: Ranger
  Issue Type: Bug
  Components: admin, Ranger
Affects Versions: 2.3.0
Reporter: Paweł


When i create HDFS service in ranger admin based on Hadoop cluster with 2 
namenodes (1 active, 1 standby - not secondary!) and i select the second option 
(HA): [https://ibb.co/XC41DHc] then i have got an error: 
[https://ibb.co/qjfJzd4] 



For me it's a bug. I fill addres same as it is written in help description. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-1974) Ranger Authorizer and Audits for AWS S3

2022-10-06 Thread Bhavik Patel (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17613359#comment-17613359
 ] 

Bhavik Patel commented on RANGER-1974:
--

[~anirudh.v...@workday.copm] have you checked RANGER-1300?

> Ranger Authorizer and Audits for AWS S3 
> 
>
> Key: RANGER-1974
> URL: https://issues.apache.org/jira/browse/RANGER-1974
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Srikanth Venkat
>Assignee: Bosco
>Priority: Blocker
>
> As an enterprise security admin, I need to be able to define and manage 
> authorization policies for data stored in AWS S3 so that I can manage my 
> access control and authorization entitlements in hybrid and cloud 
> environments along with other data in platforms that Ranger currently 
> authorizes. This feature will should allow interoperability with AWS IAM 
> policies and be able to gather audits from the native cloud audit 
> capabilities such as via AWS CloudTrail.
> Implementation considerations:
>  # AWS S3 IAM  information: https://aws.amazon.com/documentation/iam/
>  # AWS CloudTrail information: 
> https://aws.amazon.com/documentation/cloudtrail/
>  # This could be a policy mapping or sync mechanism (either online or 
> offline) that will allow Ranger policy conditions, and user/group/role or 
> other policy elements to be mapped to what is available in AWS IAM. This 
> might entail having a different model where the Ranger plugin might not be 
> running in the cloud native service and might require a proxy or other 
> paradigms to be effective.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [ranger] sumannewton closed pull request #177: RANGER-3938: Fix for ranger audits in case of an alias

2022-10-06 Thread GitBox



sumannewton closed pull request #177: RANGER-3938: Fix for ranger audits in 
case of an alias
URL: https://github.com/apache/ranger/pull/177


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: Review Request 74148: Roles deletion Takes time in Apache Ranger when there are more users, groups, roles

[jira] [Commented] (RANGER-3010) Rest API 'addUsersAndGroups' issue

Re: Review Request 74148: Roles deletion Takes time in Apache Ranger when there are more users, groups, roles

Re: Review Request 74142: RangerExternalUserStoreRetriever class Ranger-3855

Re: Review Request 74142: RangerExternalUserStoreRetriever class Ranger-3855

Re: Review Request 74148: Roles deletion Takes time in Apache Ranger when there are more users, groups, roles

Re: Review Request 74148: Roles deletion Takes time in Apache Ranger when there are more users, groups, roles

[jira] [Resolved] (RANGER-3943) Add "follow roles" to Reports

[jira] [Created] (RANGER-3944) Add "follow roles" to Reports

[jira] [Created] (RANGER-3943) Add "follow roles" to Reports

[jira] [Created] (RANGER-3942) HA for HDFS service with active-standby namenodes works wrong

[jira] [Commented] (RANGER-1974) Ranger Authorizer and Audits for AWS S3

[GitHub] [ranger] sumannewton closed pull request #177: RANGER-3938: Fix for ranger audits in case of an alias

13 matches

Site Navigation

Mail list logo

Footer information