[jira] [Commented] (RANGER-4444) When security-zone is deleted with force, trigger cascade delete of datashare

2024-01-07 Thread Abhishek (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17803988#comment-17803988
 ] 

Abhishek commented on RANGER-:
--

Hi [~suchnit] , [~mad...@apache.org],
Currently, the DELETE API for security zone does not use forceDelete param.
Should the forceDelete param be implemented for security zones DELETE API and 
then based on the value, 
trigger the cascading delete of the datashare as well?
Thank you

> When security-zone is deleted with force, trigger cascade delete of datashare
> -
>
> Key: RANGER-
> URL: https://issues.apache.org/jira/browse/RANGER-
> Project: Ranger
>  Issue Type: Sub-task
>  Components: admin
>Reporter: Subhrat Chaudhary
>Priority: Major
>
> When security-zone is deleted with force, trigger cascade delete of datashare 
> also.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4444) When security-zone is deleted with force, trigger cascade delete of datashare

2024-01-07 Thread Madhan Neethiraj (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804094#comment-17804094
 ] 

Madhan Neethiraj commented on RANGER-:
--

[~abhishek.patil]  - I suggest retaining current behavior of security-zone 
DELETE API; introducing {{forceDelete}} flag will result in regression for 
existing callers. If we are to introduce {{forceDelete}} flag, the default 
value should be true, to avoid regression.

> When security-zone is deleted with force, trigger cascade delete of datashare
> -
>
> Key: RANGER-
> URL: https://issues.apache.org/jira/browse/RANGER-
> Project: Ranger
>  Issue Type: Sub-task
>  Components: admin
>Reporter: Subhrat Chaudhary
>Priority: Major
>
> When security-zone is deleted with force, trigger cascade delete of datashare 
> also.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [DISCUSS] merge RANGER-3923 branch into master branch

2024-01-07 Thread Madhan Neethiraj 
Rangers,

FYI. I will be merging RANGER-3923 branch to master on Jan-08, Monday.

Thanks,
Madhan

On 1/3/24, 2:20 PM, "Ramesh Mani" mailto:rm...@apache.org>> 
wrote:


+1 for merging the RANGER-3923 branch into master. Thanks Madhan for
the effort. This is a significant enhancement enabling datasets'
authorization and auditing.


Regards,
Ramesh




On Tue, Jan 2, 2024 at 3:01 PM Madhan Neethiraj mailto:mad...@apache.org>> wrote:


> (apologies for the resend; earlier mail had HTML formatting which got
> lost, now sending in plain text format)
>
> Rangers,
>
> For more than a year now, Apache Ranger community has been adding
> significant enhancements in RANGER-3923 branch. These enhancements enable
> business managers to manage access to datasets, instead of having data
> owners to manage access to individual resources like tables, columns,
> files, directories.
>
> In addition, this approach offers several benefits including:
> - reduced time for users in getting access to data across multiple
> services, with a single policy update.
> - business managers like project managers to manage access to datasets
> instead of multiple data owners, which reduces the time taken to get access
> to data.
> - separation of responsibilities: data owners focus on building
> datasets, while business managers focus on managing access to datasets.
> - eliminate the need to update access policies for any changes in
> datasets like add/remove/change resources.
>
> Apache Ranger community has built APIs and UI to manage datasets and
> access to datasets. Apache Ranger policy engine has been updated as well to
> support datasets. I propose merging these enhancements into master branch
> this week, and work towards releasing Apache Ranger 3.0 version, by next
> month. Please share your feedback.
>
> Looking forward to Apache Ranger 3.0 release!
>
> Thanks,
> Madhan
>
>
>

[jira] [Commented] (RANGER-4444) When security-zone is deleted with force, trigger cascade delete of datashare

2024-01-07 Thread Abhishek (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804114#comment-17804114
 ] 

Abhishek commented on RANGER-:
--

Hi [~madhan],
In that case, whenever a security zone is deleted (from UI/API), the linked 
datashares will also be deleted (since the forceDelete flag is set True by 
default).
Should this be the expected behaviour i.e trigger a cascading delete of 
datashare whenever a security zone is deleted?
Thank you

> When security-zone is deleted with force, trigger cascade delete of datashare
> -
>
> Key: RANGER-
> URL: https://issues.apache.org/jira/browse/RANGER-
> Project: Ranger
>  Issue Type: Sub-task
>  Components: admin
>Reporter: Subhrat Chaudhary
>Priority: Major
>
> When security-zone is deleted with force, trigger cascade delete of datashare 
> also.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74753: RANGER-4521: All records not displayed on Admin Audits UI when filtered using session ID

2024-01-07 Thread Dineshkumar Yadav 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74753/#review226111
---


Ship it!




Ship It!

- Dineshkumar Yadav


On Dec. 19, 2023, 9:57 a.m., Rakesh Gupta wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74753/
> ---
> 
> (Updated Dec. 19, 2023, 9:57 a.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, 
> sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4521
> https://issues.apache.org/jira/browse/RANGER-4521
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Some audit entries for keyadmin user are missing when filtered using 
> sessionID or Audit Type = Ranger Policy. Also when moved to next page most 
> audit entries are missing
> 
> (Audits for import and export are shown, audit corresponding to policy crud 
> operation is missing for keyadmin user)
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 
> 9d9e0bbc0 
> 
> 
> Diff: https://reviews.apache.org/r/74753/diff/5/
> 
> 
> Testing
> ---
> 
> Tested All audits are displayed properly with filter and without filter for 
> admin and keyadmin user.
> 
> 
> Thanks,
> 
> Rakesh Gupta
> 
>

[jira] [Created] (RANGER-4634) Need cascade delete for service

2024-01-07 Thread Prashant Satam (Jira) 
Prashant Satam created RANGER-4634:
--

 Summary: Need cascade delete for service
 Key: RANGER-4634
 URL: https://issues.apache.org/jira/browse/RANGER-4634
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Reporter: Prashant Satam






--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4634) Need cascade delete for service

2024-01-07 Thread Prashant Satam (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Prashant Satam updated RANGER-4634:
---
Description: 
Currently when we delete a service which has datashares and related entities 
connected  to it we get error while deleting the service.

It is Expected that we should be able to delete the service by cascade deleting 
the datashares and related entities connected to this service

> Need cascade delete for service
> ---
>
> Key: RANGER-4634
> URL: https://issues.apache.org/jira/browse/RANGER-4634
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Prashant Satam
>Priority: Major
>
> Currently when we delete a service which has datashares and related entities 
> connected  to it we get error while deleting the service.
> It is Expected that we should be able to delete the service by cascade 
> deleting the datashares and related entities connected to this service



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4634) Need cascade delete for service

2024-01-07 Thread Prashant Satam (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Prashant Satam updated RANGER-4634:
---
Description: 
Currently when we delete a service which has datashares and related 
entities(i.e shared-resources, dataShareInDatasets) connected  to it we get 
error while deleting the service.

It is Expected that we should be able to delete the service by cascade deleting 
the datashares and related entities connected to this service

  was:
Currently when we delete a service which has datashares and related entities 
connected  to it we get error while deleting the service.

It is Expected that we should be able to delete the service by cascade deleting 
the datashares and related entities connected to this service


> Need cascade delete for service
> ---
>
> Key: RANGER-4634
> URL: https://issues.apache.org/jira/browse/RANGER-4634
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Prashant Satam
>Priority: Major
>
> Currently when we delete a service which has datashares and related 
> entities(i.e shared-resources, dataShareInDatasets) connected  to it we get 
> error while deleting the service.
> It is Expected that we should be able to delete the service by cascade 
> deleting the datashares and related entities connected to this service



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Review Request 74821: RANGER-4634 : Need cascade delete for service

2024-01-07 Thread Prashant Satam 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74821/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan 
Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita 
Ubale.


Bugs: RANGER-4634
https://issues.apache.org/jira/browse/RANGER-4634


Repository: ranger


Description
---

Currently when we delete a service which has datashares and related 
entities(i.e shared-resources, dataShareInDatasets) connected  to it we get 
error while deleting the service.

It is Expected that we should be able to delete the service by cascade deleting 
the datashares and related entities connected to this service


Diffs
-

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
49386d08c 


Diff: https://reviews.apache.org/r/74821/diff/1/


Testing
---

Steps to check
1)create a resource service 
2)create a datashare and link it to the service
3)delete this service ,Now the service will be deleted and the connected 
datashare will be deleted


Thanks,

Prashant Satam

[jira] [Assigned] (RANGER-4634) Need cascade delete for service

2024-01-07 Thread Prashant Satam (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Prashant Satam reassigned RANGER-4634:
--

Assignee: Prashant Satam

> Need cascade delete for service
> ---
>
> Key: RANGER-4634
> URL: https://issues.apache.org/jira/browse/RANGER-4634
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Prashant Satam
>Assignee: Prashant Satam
>Priority: Major
>
> Currently when we delete a service which has datashares and related 
> entities(i.e shared-resources, dataShareInDatasets) connected  to it we get 
> error while deleting the service.
> It is Expected that we should be able to delete the service by cascade 
> deleting the datashares and related entities connected to this service



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-4635) User with no access can able to replicate schema of a table using temporary table creation via "LIKE"

2024-01-07 Thread Kundan Kumar Jha (Jira) 
Kundan Kumar Jha created RANGER-4635:


 Summary: User with no access can able to replicate schema of a 
table using temporary table creation via "LIKE"
 Key: RANGER-4635
 URL: https://issues.apache.org/jira/browse/RANGER-4635
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Reporter: Kundan Kumar Jha


*PROBLEM STATEMENT:*
Users which don't have access on any resource can able to create a temporary 
table using"LIKE" statement with same schema as another table and extract 
schema info of non accessible table.

*STEPS TO REPRODUCE:*
1. Delete all the policies in ranger.

2. Then give all access(*, *, *) to "hive" and "user_1" via hive policy.

3. Then create a database a_db and a table a_db.a_table with schema using user 
user_1:
{code:java}
+---++--+
| col_name  | data_type  | comment  |
+---++--+
| id        | int        |          |
| name      | string     |          |
+---++--+ {code}
4. Then kinit as user_2 user(which don't have access to any resource) and 
create a temporary table like a_db.a_table using following cmd:
{code:java}
create temporary table temp_t like a_db.a_table; {code}
5. Then run following cmd to describe temporary table temp_t:
{code:java}
desc temp_t;{code}
output:
{code:java}
+---++--+
| col_name  | data_type  | comment  |
+---++--+
| id        | int        |          |
| name      | string     |          |
+---++--+ {code}
*CURRENT BEHAVIOUR:*

The temp table "temp_t" got created successfully with same schema as "a_table" 
and the user user_2 with no access can able to view the schema of a non 
accessible table.

*EXPECTED BEHAVIOUR:*
The user which doesn't have access on a table should not able to create a 
temporary table with it using "LIKE" query.

*OCCURRENCE:*
manual testing 

*IMPACT:*
User can access the schema of a non accessible table.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)