date:20240123

[jira] [Updated] (RANGER-4668) Need to have new local storage item for column show hide functionality in plugin status table

2024-01-23 Thread Brijesh Bhalala (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Brijesh Bhalala updated RANGER-4668:

Attachment: 0001-RANGER-4668.patch

> Need to have new local storage item  for column show hide functionality in 
> plugin status table
> --
>
> Key: RANGER-4668
> URL: https://issues.apache.org/jira/browse/RANGER-4668
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Brijesh Bhalala
>Assignee: Brijesh Bhalala
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-4668.patch
>
>
> Need to have new local storage item for column show hide functionality in 
> plugin status table.
> *Current Behaviour :-*
>  * The same local storage item is been used in both Access & Plugin Status
> table for column show hide functionality , this causes regression in Access 
> Table column.
> So need to make a new local storage item for column show hide functionality 
> in plugin status table.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: [PR] RANGER-4640: Trino ranger plugin for 433 snapshot [ranger]

2024-01-23 Thread via GitHub



respon007 commented on PR #291:
URL: https://github.com/apache/ranger/pull/291#issuecomment-1905848596

   > @shreyas-dview - this PR includes binary file 
ranger-3.0.0-SNAPSHOT-trino-plugin.tar.gz. Can you please remove this file and 
update the PR?
   > 
   > Would 17 be the minimum JDK version after this patch? Given many existing 
plugins require JDK8 support, it is critical to be able to build with earlier 
version JDK as well.
   
   I had resolved the problem by maven-tool-chains plugin 
(https://stackoverflow.com/questions/12414209/compile-maven-module-with-different-java-version),
 but my ranger version is 2.3.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: Review Request 74844: RANGER-4663: New tag service will not be created if a tag service is selected while creating a resource service.

2024-01-23 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74844/#review226169
---


Ship it!




Ship It!

- Madhan Neethiraj


On Jan. 18, 2024, 5:21 p.m., Siddhesh Phatak wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74844/
> ---
> 
> (Updated Jan. 18, 2024, 5:21 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, Prashant Satam, Subhrat Chaudhary, and Vanita Ubale.
> 
> 
> Bugs: RANGER-4663
> https://issues.apache.org/jira/browse/RANGER-4663
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> If a tag service is selected while creating a resource service, a new tag 
> service should not be created for this resource service. This has been fixed 
> by adding the condition to check if user has selected tag service or not.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> f9fd4941e 
> 
> 
> Diff: https://reviews.apache.org/r/74844/diff/1/
> 
> 
> Testing
> ---
> 
> Following cases have been tested and working as expected.
> Case 1: 
> 1) Create a service in ranger
> 2) Do not select tag service.
> 3) A resource service will be created, a new tag service will also get 
> created and it will be linked to the resource service.
> 
> Case 2: 
> 1) Create a resource service in ranger.
> 2) Select a tag service for it.
> 3) A resource service will get created, a new tag service will not get 
> created and the selected tag service will be linked to the resource service.
> 
> 
> Thanks,
> 
> Siddhesh Phatak
> 
>

Re: Review Request 74825: RANGER-4638:Multiple Columns Revoke not generating policies with correct number of columns

2024-01-23 Thread Ramesh Mani


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74825/
---

(Updated Jan. 24, 2024, 4:07 a.m.)


Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
---

Fixed review comments


Bugs: RANGER-4638
https://issues.apache.org/jira/browse/RANGER-4638


Repository: ranger


Description
---

RANGER-4638:Multiple Columns Revoke not generating policies with correct number 
of columns


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
 7fe2a2eb3 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
 0a14b387a 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
 f16157ce6 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java
 e1cd89b70 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
 5eee8d11a 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
 ec22e01bf 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceisSubSetMatcher.java
 PRE-CREATION 
  
agents-common/src/test/resources/resourcematcher/test_defaultpolicyresource_isSubset_matcher.json
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdmin.java 
15a1e7118 
  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 
84ee31ba2 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
cc9df27d6 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java 
60e34c0c7 
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
a630e575b 


Diff: https://reviews.apache.org/r/74825/diff/5/

Changes: https://reviews.apache.org/r/74825/diff/4-5/


Testing
---

Impala / Hive beeline.

1) "grant select(col1, col2, col3)  on table demo.test  to role Role1"  => 
Create a Grant Policy for the given resource in Hadoop Sql
   

2) "grant select(col1, col2, col3, col4)  on table demo.test  to role Role1"  
=> updates the policy created in #1 with new col4 resource

 if  "revoke select(col1, col2, col3, col4) on table demo.test from role 
Role1" is done => Since all the columns are revoked for Select, we update the 
policy created in #1 with no policy Item for it.
 if  "revoke select(col1, col2, col3) on table demo.test from role Role1" 
is done => policy created in #1 will be updated to remove col1,col2,col3 from 
the policy to revoke the access.
 
3) If "revoke select(col1, col2, col3, col4) on table demo.test from role 
Role1" found 2 Matching polcies,  say 1st policy matched col1,col2,col3 and  
2nd Policy matched col4, then both the policies will be updated for revoking 
the corresponding column access.

4) When Multiple Premission are there on the policy and revoke is to remove one 
permission, then the policy will be updated by removing the revoked permission.
 Grant select on table demo.test  to role Role1
 Grant Alter on table demo.test  to role Role1
 Revoke alter table demo.test  to role Role1

 

HBASE shell

grant 'nifi', 'RWXCA', 'test'  => create policy with 'RWXCA' access for user 
nifi on table 'test'.


revoke 'nifi', 'test' => revoke access for user "nifi" on hbase table 'test'. 
Here policy will be removed.


Thanks,

Ramesh Mani

Re: Review Request 74825: RANGER-4638:Multiple Columns Revoke not generating policies with correct number of columns

2024-01-23 Thread Ramesh Mani



> On Jan. 19, 2024, 11:12 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
> > Lines 1281 (patched)
> > 
> >
> > For grant, shouldn't the update be done only on 'exact-match' policy? 
> > Else, the update might end up granting the user access to more resources. 
> > Please review and update.
> > 
> > I think current grant implementation wouldn't need any update.

Madhan, Thanks for the review. With the multiple column grant in SELECT, there 
is a possiblity that user run the grant with addition columns, in that case the 
patch does update the existing policy for that user/group/role and accesstype 
if matches. 
e.g
1) "grant select(col1, col2, col3)  on table demo.test  to role Role1"  => 
Create a Grant Policy for the given resource in Hadoop Sql

2) "grant select(col1, col2, col3, col4)  on table demo.test  to role Role1"  
=> updates the policy created in #1 with new col4 resource

Addition test cases which are covered are here. Please review this. 
https://docs.google.com/document/d/19WLt10QmxFQjBbIFRqYCpd9lY46FoEaDSPRAXUn7vow/edit#heading=h.jhpqwr2prvv8


- Ramesh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74825/#review226159
---


On Jan. 24, 2024, 4:07 a.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74825/
> ---
> 
> (Updated Jan. 24, 2024, 4:07 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-4638
> https://issues.apache.org/jira/browse/RANGER-4638
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-4638:Multiple Columns Revoke not generating policies with correct 
> number of columns
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  7fe2a2eb3 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
>  0a14b387a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
>  f16157ce6 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java
>  e1cd89b70 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
>  5eee8d11a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
>  ec22e01bf 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceisSubSetMatcher.java
>  PRE-CREATION 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresource_isSubset_matcher.json
>  PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdmin.java 
> 15a1e7118 
>   
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 
> 84ee31ba2 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> cc9df27d6 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java 
> 60e34c0c7 
>   security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
> a630e575b 
> 
> 
> Diff: https://reviews.apache.org/r/74825/diff/5/
> 
> 
> Testing
> ---
> 
> Impala / Hive beeline.
> 
> 1) "grant select(col1, col2, col3)  on table demo.test  to role Role1"  => 
> Create a Grant Policy for the given resource in Hadoop Sql
>
> 
> 2) "grant select(col1, col2, col3, col4)  on table demo.test  to role Role1"  
> => updates the policy created in #1 with new col4 resource
> 
>  if  "revoke select(col1, col2, col3, col4) on table demo.test from role 
> Role1" is done => Since all the columns are revoked for Select, we update the 
> policy created in #1 with no policy Item for it.
>  if  "revoke select(col1, col2, col3) on table demo.test from role Role1" 
> is done => policy created in #1 will be updated to remove col1,col2,col3 from 
> the policy to revoke the access.
>  
> 3) If "revoke select(col1, col2, col3, col4) on table demo.test from role 
> Role1" found 2 Matching polcies,  say 1st policy matched col1,col2,col3 and  
> 2nd Policy matched col4, then both the policies will be updated for revoking 
> the corresponding column access.
> 
> 4) When Multiple Premission are there on the policy and revoke is to remove 
> one permission, then the policy will be updated by removing the revoked 
> permission.
>  Grant select on table demo.test  to role

Re: Review Request 74850: RANGER-4669: checking users nested in roles and groups to get datasets shared with users

2024-01-23 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74850/#review226171
---


Ship it!




Ship It!

- Madhan Neethiraj


On Jan. 23, 2024, 7:45 a.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74850/
> ---
> 
> (Updated Jan. 23, 2024, 7:45 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, Prashant Satam, and Siddhesh Phatak.
> 
> 
> Bugs: RANGER-4669
> https://issues.apache.org/jira/browse/RANGER-4669
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When dataset is shared with a user nested in a role i.e. user < group < role, 
> and the user calls get dataset API with sharedWithMe=true, the dataset is not 
> returned in response. To fix this, we are getting the roles associated with 
> the groups associated with the calling user and updating the list of roles 
> associated with a user, before the list of role is checked with roles in the 
> policy item.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 69b43f2dc 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsPolicyAdminCache.java 
> 97d4b2579 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDBProvider.java
>  30d231797 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDataProvider.java
>  2c8721e1e 
> 
> 
> Diff: https://reviews.apache.org/r/74850/diff/1/
> 
> 
> Testing
> ---
> 
> Validated following cases for get dataset API - 
> /gds/dataset?sharedWithMe=true:
> 1. Dataset shared with group (associated with calling user) is returned in 
> response.
> 2. Dataset shared with role (associated with calling group in case 1) is 
> returned in response.
> 3. Dataset shared with public group (not directly shared with user/group/role 
> of the calling user) is returned in response.
> 
> Validated all junits are passing.
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>

[jira] [Created] (RANGER-4672) Tagsync log file name is not containing hostname and user

2024-01-23 Thread Himanshu Maurya (Jira)

Himanshu Maurya created RANGER-4672:
---

 Summary: Tagsync log file name is not containing hostname and user
 Key: RANGER-4672
 URL: https://issues.apache.org/jira/browse/RANGER-4672
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger, tagsync
Reporter: Himanshu Maurya
Assignee: Himanshu Maurya
 Fix For: 3.0.0






--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4668) Need to have new local storage item for column show hide functionality in plugin status table

Re: [PR] RANGER-4640: Trino ranger plugin for 433 snapshot [ranger]

Re: Review Request 74844: RANGER-4663: New tag service will not be created if a tag service is selected while creating a resource service.

Re: Review Request 74825: RANGER-4638:Multiple Columns Revoke not generating policies with correct number of columns

Re: Review Request 74825: RANGER-4638:Multiple Columns Revoke not generating policies with correct number of columns

Re: Review Request 74850: RANGER-4669: checking users nested in roles and groups to get datasets shared with users

[jira] [Created] (RANGER-4672) Tagsync log file name is not containing hostname and user

7 matches

Site Navigation

Mail list logo

Footer information