Re: Review Request 74825: RANGER-4638:Multiple Columns Revoke not generating policies with correct number of columns
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74825/#review226174 --- Ship it! Ship It! - Abhay Kulkarni On Jan. 24, 2024, 4:07 a.m., Ramesh Mani wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74825/ > --- > > (Updated Jan. 24, 2024, 4:07 a.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, > Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-4638 > https://issues.apache.org/jira/browse/RANGER-4638 > > > Repository: ranger > > > Description > --- > > RANGER-4638:Multiple Columns Revoke not generating policies with correct > number of columns > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > 7fe2a2eb3 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java > 0a14b387a > > agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java > f16157ce6 > > agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java > e1cd89b70 > > agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java > 5eee8d11a > > agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java > ec22e01bf > > agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceisSubSetMatcher.java > PRE-CREATION > > agents-common/src/test/resources/resourcematcher/test_defaultpolicyresource_isSubset_matcher.json > PRE-CREATION > security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdmin.java > 15a1e7118 > > security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java > 84ee31ba2 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > cc9df27d6 > security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java > 60e34c0c7 > security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java > a630e575b > > > Diff: https://reviews.apache.org/r/74825/diff/5/ > > > Testing > --- > > Impala / Hive beeline. > > 1) "grant select(col1, col2, col3) on table demo.test to role Role1" => > Create a Grant Policy for the given resource in Hadoop Sql > > > 2) "grant select(col1, col2, col3, col4) on table demo.test to role Role1" > => updates the policy created in #1 with new col4 resource > > if "revoke select(col1, col2, col3, col4) on table demo.test from role > Role1" is done => Since all the columns are revoked for Select, we update the > policy created in #1 with no policy Item for it. > if "revoke select(col1, col2, col3) on table demo.test from role Role1" > is done => policy created in #1 will be updated to remove col1,col2,col3 from > the policy to revoke the access. > > 3) If "revoke select(col1, col2, col3, col4) on table demo.test from role > Role1" found 2 Matching polcies, say 1st policy matched col1,col2,col3 and > 2nd Policy matched col4, then both the policies will be updated for revoking > the corresponding column access. > > 4) When Multiple Premission are there on the policy and revoke is to remove > one permission, then the policy will be updated by removing the revoked > permission. > Grant select on table demo.test to role Role1 > Grant Alter on table demo.test to role Role1 > Revoke alter table demo.test to role Role1 > > > > HBASE shell > > grant 'nifi', 'RWXCA', 'test' => create policy with 'RWXCA' access for user > nifi on table 'test'. > > > revoke 'nifi', 'test' => revoke access for user "nifi" on hbase table 'test'. > Here policy will be removed. > > > Thanks, > > Ramesh Mani > >
[jira] [Updated] (RANGER-4673) Pagination on the Ranger Admin - Plugin Status page
[ https://issues.apache.org/jira/browse/RANGER-4673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval Rajpara updated RANGER-4673: --- Description: The Ranger Admin UI's "Plugin Status" page does not offer pagination. The UI shows only (the first random) 200 entries, we have no way to go to next pages, and the ordering/sorting on columns is only a "client side" sorting so some entries cannot be seen easily. (only if we search by Host Name for example) This is a usability issue with bigger clusters. was: The Ranger Admin UI's "Plugin Status" page does not offer pagination. The UI shows only (the first? random?) 200 entries, we have no way to go to next pages, and the ordering/sorting on columns is only a "client side" sorting so some entries cannot be seen easily. (only if we search by Host Name for example) This is a usability issue with bigger clusters. > Pagination on the Ranger Admin - Plugin Status page > --- > > Key: RANGER-4673 > URL: https://issues.apache.org/jira/browse/RANGER-4673 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > > The Ranger Admin UI's "Plugin Status" page does not offer pagination. > The UI shows only (the first random) 200 entries, we have no way to go to > next pages, and the ordering/sorting on columns is only a "client side" > sorting so some entries cannot be seen easily. (only if we search by Host > Name for example) > This is a usability issue with bigger clusters. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4673) Pagination on the Ranger Admin - Plugin Status page
[ https://issues.apache.org/jira/browse/RANGER-4673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17810902#comment-17810902 ] Dhaval Rajpara commented on RANGER-4673: Hi [~madhan], We have created a jira - [RANGER-4673|https://issues.apache.org/jira/browse/RANGER-4673], for a customer where they are facing problem while loading plugin status tab data on there bigger cluster which is having records more than 200. Therefore to resolve the this issue we are thinking of below : 1) For Plugin status tab, currently we are using client side fetching and sorting which we be removed and add a pagination same as used in other tables. 2) From server-side, curently the sorting is only available for "service name" "hostName" and "appType" colums. After we add a pagination on plugin status tab, the client side sorting will be removed and sorting will only be available on the columns supported from server-side. CC : [~dineshkumar-yadav] / [~vel] /[~mehul] / [~mugdha.varadkar] > Pagination on the Ranger Admin - Plugin Status page > --- > > Key: RANGER-4673 > URL: https://issues.apache.org/jira/browse/RANGER-4673 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > > The Ranger Admin UI's "Plugin Status" page does not offer pagination. > The UI shows only (the first? random?) 200 entries, we have no way to go to > next pages, and the ordering/sorting on columns is only a "client side" > sorting so some entries cannot be seen easily. (only if we search by Host > Name for example) > This is a usability issue with bigger clusters. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4675) Checkbox selection issue when clicking on permission label in tag-based permissions policy
[ https://issues.apache.org/jira/browse/RANGER-4675?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brijesh Bhalala updated RANGER-4675: Description: Checkbox selection issue when clicking on permission label in tag-based permissions policy *Current Behaviour :-* * Their is an inconsistent behaviour in selection of checkbox when click on permission label in tag-based permissions policy. * For e.g, select HDFS, HIVE and select permission by clicking on permission label like read, write for both of it, it is observed any change in permission for HIVE it gets impact on HDFS permission selection. was: Checkbox selection issue when clicking on permission label in tag-based permissions policy *Current Behaviour :-* * Their is an inconsistent behaviour in selection of checkbox when click on permission label in tag-based permissions policy. * For e.g, select HDFS, HIVE and select permission by cling on permission label like read, write for both of it, it is observed any change in permission for HIVE it gets impact on HDFS permission selection. > Checkbox selection issue when clicking on permission label in tag-based > permissions policy > > > Key: RANGER-4675 > URL: https://issues.apache.org/jira/browse/RANGER-4675 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Brijesh Bhalala >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > > Checkbox selection issue when clicking on permission label in tag-based > permissions policy > *Current Behaviour :-* > * Their is an inconsistent behaviour in selection of checkbox when click on > permission label in tag-based permissions policy. > * For e.g, select HDFS, HIVE and select permission by clicking on permission > label like read, write for both of it, it is observed any change in > permission for HIVE it gets impact on HDFS permission selection. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4675) Checkbox selection issue when clicking on permission label in tag-based permissions policy
[ https://issues.apache.org/jira/browse/RANGER-4675?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brijesh Bhalala updated RANGER-4675: Labels: ranger-react (was: ) > Checkbox selection issue when clicking on permission label in tag-based > permissions policy > > > Key: RANGER-4675 > URL: https://issues.apache.org/jira/browse/RANGER-4675 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Brijesh Bhalala >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > > Checkbox selection issue when clicking on permission label in tag-based > permissions policy > *Current Behaviour :-* > * Their is an inconsistent behaviour in selection of checkbox when click on > permission label in tag-based permissions policy. > * For e.g, select HDFS, HIVE and select permission by cling on permission > label like read, write for both of it, it is observed any change in > permission for HIVE it gets impact on HDFS permission selection. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4675) Checkbox selection issue when clicking on permission label in tag-based permissions policy
Brijesh Bhalala created RANGER-4675: --- Summary: Checkbox selection issue when clicking on permission label in tag-based permissions policy Key: RANGER-4675 URL: https://issues.apache.org/jira/browse/RANGER-4675 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Brijesh Bhalala Assignee: Brijesh Bhalala Fix For: 3.0.0 Checkbox selection issue when clicking on permission label in tag-based permissions policy *Current Behaviour :-* * Their is an inconsistent behaviour in selection of checkbox when click on permission label in tag-based permissions policy. * For e.g, select HDFS, HIVE and select permission by cling on permission label like read, write for both of it, it is observed any change in permission for HIVE it gets impact on HDFS permission selection. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] RANGER-4640: Trino ranger plugin for 433 snapshot [ranger]
respon007 commented on PR #291:
URL: https://github.com/apache/ranger/pull/291#issuecomment-1910220709
> ZooKeeper 3.5 has a transitive dependency on a zookeeper-jute artifact.
./distro/src/main/assembly/plugin-trino.xml should have
"org.apache.zookeeper:zookeeper-jute:jar:${zookeeper.version}"
>
>
> The latest version of Trino supports the update statement. vim
./ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
>
> 246 //kimdy 247 @OverRide 248 public void
checkCanUpdateTableColumns(SystemSecurityContext securityContext,
CatalogSchemaTableName table, Set updatedColumnNames) { 249 try { 250
activatePluginClassLoader(); 251
systemAccessControlImpl.checkCanUpdateTableColumns(securityContext, table,
updatedColumnNames); 252 } finally { 253 deactivatePluginClassLoader(); 254 }
255 }
>
> vim
./plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
>
> 631 // kimdy 632 @OverRide 633 public void
checkCanUpdateTableColumns(SystemSecurityContext securityContext,
CatalogSchemaTableName table, Set updatedColumnNames){ 634 for
(RangerTrinoResource res : createResource(table, updatedColumnNames)) { 635 if
(!hasPermission(res, securityContext, TrinoAccessType.UPDATE)) { 636
LOG.debug("RangerSystemAccessControl.checkCanUpdateTableColumns(" +
table.getSchemaTableName().getTableName() + ") denied"); 637
AccessDeniedException.denyUpdateTableColumns(table.getSchemaTableName().getTableName(),
updatedColumnNames); 638 } 639 } 640 }
>
> // UDPATE 추가 923 enum TrinoAccessType { 924 CREATE, DROP, SELECT, INSERT,
DELETE, USE, ALTER, ALL, GRANT, REVOKE, SHOW, IMPERSONATE, EXECUTE, UPDATE; 925
}
>
> 3. 나의 빌드 환경
>java -version
>openjdk version "17.0.7" 2023-04-18 LTS
>OpenJDK Runtime Environment Zulu17.42+19-CA (build 17.0.7+7-LTS)
>OpenJDK 64-Bit Server VM Zulu17.42+19-CA (build 17.0.7+7-LTS, mixed
mode, sharing)
>
> mvn -v Apache Maven 3.8.8 (4c87b05d9aedce574290d1acc98575ed5eb6cd39) Maven
home: /opt/apps/maven Java version: 17.0.7, vendor: Azul Systems, Inc.,
runtime: /opt/apps/zulu17.42.19-ca-jdk17.0.7-linux_x64 Default locale: en_US,
platform encoding: UTF-8 OS name: "linux", version: "3.10.0-1160.el7.x86_64",
arch: "amd64", family: "unix"
>
> mvn clean package -DskipTests -P ranger-trino-plugin,-linux -am -pl
distro,plugin-trino,ranger-trino-plugin-shim,agents-installer,credentialbuilder
>
> 4. Lastly, ranger's group policy doesn't seem to apply well to trino. The
role policy applies well to trino.
> 5. I'm an old school poor IT guy who's not familiar with GIT, so I don't
know what form and procedure I should use to submit a proposal. I hope this was
of some help. Your efforts have been of great help to me. thank you!
@origin0099 I have tried your way,but the "Permissions" had no "Update"
option. Could you help me?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
