[jira] [Updated] (RANGER-4907) Optimize user and group delete operation
[ https://issues.apache.org/jira/browse/RANGER-4907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4907: -- Description: If a user has large number of associations with groups, policies, the user delete operation can take large amount of time, especially while updating the policies. Since to update a policy, we have large number of validations in place. This can be even worse, if multiple user delete requests are received at the same time. We can add following optimizations to improve the user delete performance: * Remove foreign key relation of x_user with x_auth_sess, with this we can skip updating the user references in x_auth_sess when a user is deleted. * Currently all policy reference for a user are cleaned up and updated ones are added again. We can remove policy reference only for the user being deleted. * Add new policy update method, take list of policies, update only the policyText and push policy updates in bulk. was: If a user has large number of associations with groups, policies, the user delete operation can take large amount of time, especially while updating the policies. Since to update a policy, we have large number of validations in place. This can be even worse, if multiple user delete requests are received at the same time. We can add following optimizations to improve the user delete performance: * Remove foreign key relation of x_user with x_auth_sess, with this we can skip updating the user references in x_auth_sess when a user is deleted. * Currently all policy reference for a user are cleaned up and updated ones are added again. We can remove policy reference only for the user being deleted. > Optimize user and group delete operation > > > Key: RANGER-4907 > URL: https://issues.apache.org/jira/browse/RANGER-4907 > Project: Ranger > Issue Type: Improvement > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > If a user has large number of associations with groups, policies, the user > delete operation can take large amount of time, especially while updating the > policies. Since to update a policy, we have large number of validations in > place. This can be even worse, if multiple user delete requests are received > at the same time. We can add following optimizations to improve the user > delete performance: > * Remove foreign key relation of x_user with x_auth_sess, with this we can > skip updating the user references in x_auth_sess when a user is deleted. > * Currently all policy reference for a user are cleaned up and updated ones > are added again. We can remove policy reference only for the user being > deleted. > * Add new policy update method, take list of policies, update only the > policyText and push policy updates in bulk. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4907) Optimize user and group delete operation
[ https://issues.apache.org/jira/browse/RANGER-4907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4907: -- Summary: Optimize user and group delete operation (was: Optimize user and grpup delete operation) > Optimize user and group delete operation > > > Key: RANGER-4907 > URL: https://issues.apache.org/jira/browse/RANGER-4907 > Project: Ranger > Issue Type: Improvement > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > If a user has large number of associations with groups, policies, the user > delete operation can take large amount of time, especially while updating the > policies. Since to update a policy, we have large number of validations in > place. This can be even worse, if multiple user delete requests are received > at the same time. We can add following optimizations to improve the user > delete performance: > * Remove foreign key relation of x_user with x_auth_sess, with this we can > skip updating the user references in x_auth_sess when a user is deleted. > * Currently all policy reference for a user are cleaned up and updated ones > are added again. We can remove policy reference only for the user being > deleted. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4907) Optimize user and grpup delete operation
[ https://issues.apache.org/jira/browse/RANGER-4907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4907: -- Summary: Optimize user and grpup delete operation (was: Optimize user delete operation) > Optimize user and grpup delete operation > > > Key: RANGER-4907 > URL: https://issues.apache.org/jira/browse/RANGER-4907 > Project: Ranger > Issue Type: Improvement > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > If a user has large number of associations with groups, policies, the user > delete operation can take large amount of time, especially while updating the > policies. Since to update a policy, we have large number of validations in > place. This can be even worse, if multiple user delete requests are received > at the same time. We can add following optimizations to improve the user > delete performance: > * Remove foreign key relation of x_user with x_auth_sess, with this we can > skip updating the user references in x_auth_sess when a user is deleted. > * Currently all policy reference for a user are cleaned up and updated ones > are added again. We can remove policy reference only for the user being > deleted. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4907) Optimize user delete operation
[ https://issues.apache.org/jira/browse/RANGER-4907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17877966#comment-17877966 ] Subhrat Chaudhary commented on RANGER-4907: --- Hi [~abhi_2110] , thanks for the suggestion, but the approach mentioned in RANGER-4246 will not help much, since for policy update we have many checks which make DB calls. We can improve this drastically, by adding following changes: * remove user-group associations based on id, instead of deleting the objects as suggested in RANGER-3681 * overload policy update method to update only the policyText in ranger policy, since no other change is being made. With these changes we can see improvement in user deletion from 8 min to 10 sec (for a user with 10k groups and 10k policies). I will share the patch shortly for same. > Optimize user delete operation > -- > > Key: RANGER-4907 > URL: https://issues.apache.org/jira/browse/RANGER-4907 > Project: Ranger > Issue Type: Improvement > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > If a user has large number of associations with groups, policies, the user > delete operation can take large amount of time, especially while updating the > policies. Since to update a policy, we have large number of validations in > place. This can be even worse, if multiple user delete requests are received > at the same time. We can add following optimizations to improve the user > delete performance: > * Remove foreign key relation of x_user with x_auth_sess, with this we can > skip updating the user references in x_auth_sess when a user is deleted. > * Currently all policy reference for a user are cleaned up and updated ones > are added again. We can remove policy reference only for the user being > deleted. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4907) Optimize user delete operation
Subhrat Chaudhary created RANGER-4907: - Summary: Optimize user delete operation Key: RANGER-4907 URL: https://issues.apache.org/jira/browse/RANGER-4907 Project: Ranger Issue Type: Improvement Components: admin Reporter: Subhrat Chaudhary Assignee: Subhrat Chaudhary If a user has large number of associations with groups, policies, the user delete operation can take large amount of time, especially while updating the policies. Since to update a policy, we have large number of validations in place. This can be even worse, if multiple user delete requests are received at the same time. We can add following optimizations to improve the user delete performance: * Remove foreign key relation of x_user with x_auth_sess, with this we can skip updating the user references in x_auth_sess when a user is deleted. * Currently all policy reference for a user are cleaned up and updated ones are added again. We can remove policy reference only for the user being deleted. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4827) Implement evaluation of row-filter and masking expression for GDS
[ https://issues.apache.org/jira/browse/RANGER-4827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4827: -- Description: Currently in GDS implementation, we have provision to ad row-filter and masking expression in the RangerGds.RangerSharedResource. But these are not evaluated during dataset policy evaluation. To extend the support of GDS in ranger, we can add evaluation of row-filter and masking expressions. There can be one complexity while evaluation of row-filter and masking expressions for GDS: For example: a dataset is linked with multiple SharedResource, with overlapping resources and the SharedResource has row-filter or masking expression added. In such case which expression should we consider for evaluation? We need to address check and above issue. Updates on the implementation approach: Row filter RangerGds.RangerSharedResource.rowFilter holds the row filter definition for the SharedResource. The SharedResource can be associated with n number of DataShare -> Dataset. We have implement in following sequence: 1. Get all the row filter associated with the asked resource i.e traverse through SharedResource > DataShare > Dataset associations. 2. Evaluate dataset policies for the resource (associated datasets) remove row filter from the list, for which link dataset policy is not valid for the current user. 3. After this if there are mulple row filters in the list, pick the first in the list sorted in the dictionary order of the SharedResource name. Mask RangerGds.RangerSharedResource.subResourceMasks holds the mask definition for the SharedResource. Also RangerGds.RangerDataShare.defaultTagMasks are defined in the dataShare. The SharedResource can be associated with n number of DataShare -> Dataset. We have implement in following sequence: 1. Get all the masks associated with the asked resource i.e traverse through SharedResource > DataShare > Dataset associations, with details like whether mask is in sharedResource or dataShare 2. Evaluate dataset policies for the resource (associated datasets) remove masks from the list, for which link dataset policy is not valid for the current user. 3. After this if there are mulple row filters in the list, pick the first in the list sorted in the dictionary order of the SharedResource name. 4. In case we have mask at both sharedResource and dataShare, the mask in dataShare will be given priority. was: Currently in GDS implementation, we have provision to ad row-filter and masking expression in the RangerGds.RangerSharedResource. But these are not evaluated during dataset policy evaluation. To extend the support of GDS in ranger, we can add evaluation of row-filter and masking expressions. There can be one complexity while evaluation of row-filter and masking expressions for GDS: For example: a dataset is linked with multiple SharedResource, with overlapping resources and the SharedResource has row-filter or masking expression added. In such case which expression should we consider for evaluation? We need to address check and above issue. > Implement evaluation of row-filter and masking expression for GDS > - > > Key: RANGER-4827 > URL: https://issues.apache.org/jira/browse/RANGER-4827 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Subhrat Chaudhary >Priority: Major > > Currently in GDS implementation, we have provision to ad row-filter and > masking expression in the RangerGds.RangerSharedResource. But these are not > evaluated during dataset policy evaluation. To extend the support of GDS in > ranger, we can add evaluation of row-filter and masking expressions. > There can be one complexity while evaluation of row-filter and masking > expressions for GDS: > For example: a dataset is linked with multiple SharedResource, with > overlapping resources and the SharedResource has row-filter or masking > expression added. In such case which expression should we consider for > evaluation? > We need to address check and above issue. > > > Updates on the implementation approach: > Row filter > RangerGds.RangerSharedResource.rowFilter holds the row filter definition for > the SharedResource. The SharedResource can be associated with n number of > DataShare -> Dataset. > We have implement in following sequence: > 1. Get all the row filter associated with the asked resource i.e traverse > through SharedResource > DataShare > Dataset associations. > 2. Evaluate dataset policies for the resource (associated datasets) remove > row filter from the list, for which link dataset policy is not valid for the > current user. > 3. After this if there are mulple row filters in the list, pick the first in > the list sorted in the diction
[jira] [Created] (RANGER-4827) Implement evaluation of row-filter and masking expression for GDS
Subhrat Chaudhary created RANGER-4827: - Summary: Implement evaluation of row-filter and masking expression for GDS Key: RANGER-4827 URL: https://issues.apache.org/jira/browse/RANGER-4827 Project: Ranger Issue Type: Improvement Components: plugins Reporter: Subhrat Chaudhary Currently in GDS implementation, we have provision to ad row-filter and masking expression in the RangerGds.RangerSharedResource. But these are not evaluated during dataset policy evaluation. To extend the support of GDS in ranger, we can add evaluation of row-filter and masking expressions. There can be one complexity while evaluation of row-filter and masking expressions for GDS: For example: a dataset is linked with multiple SharedResource, with overlapping resources and the SharedResource has row-filter or masking expression added. In such case which expression should we consider for evaluation? We need to address check and above issue. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4826) Add group or role information in the access audits
Subhrat Chaudhary created RANGER-4826:
-
Summary: Add group or role information in the access audits
Key: RANGER-4826
URL: https://issues.apache.org/jira/browse/RANGER-4826
Project: Ranger
Issue Type: Improvement
Components: audit, plugins
Reporter: Subhrat Chaudhary
Assignee: Subhrat Chaudhary
Currently when access audits are generated for any operation, only the user
name is added in the AuthzAuditEvent object, for the user who requested access.
But in many cases, the user gets access though some group or role, of which the
user is a member. In these cases, the group or role details is not added to the
audit event.
It could be useful for the system administrator or end user, to get the details
of group or role through which the user got access.
Please find the details of the approach:
* We can update the principal with which user got access in {{finally}} block
of {{RangerPolicyEngineImpl.evaluateAuditPolicies}}
* We will need to add fields group and role to {{AuthzAuditEvent}}
* The audit principal can be updated to audit event in
{{RangerDefaultAuditHandler.getAuthzEvents}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4784) Tag-Based - default policy is not created for tag added to security zone
[ https://issues.apache.org/jira/browse/RANGER-4784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4784: -- Description: *Steps:* * Create security zone, add tag service while creating security zone * Go to tag based policy->Select Security zone from the dropdown * Confirm that default policy EXPIRES_ON is created in the security zone *Expected Response:* Default Tag based policy EXPIRES_ON should get created in security zone *Actual Response:* Default Tag based policy EXPIRES_ON is not getting created in security zone was: *Steps:* * Create security zone, add privacera_tag service while creating security zone * Go to tag based policy->Select Security zone from the dropdown * Confirm that default policy EXPIRES_ON is created in the security zone *Expected Response:* Default Tag based policy EXPIRES_ON should get created in security zone *Actual Response:* Default Tag based policy EXPIRES_ON is not getting created in security zone > Tag-Based - default policy is not created for tag added to security zone > > > Key: RANGER-4784 > URL: https://issues.apache.org/jira/browse/RANGER-4784 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Vanita Shankar Ubale >Assignee: Subhrat Chaudhary >Priority: Major > > *Steps:* > * Create security zone, add tag service while creating security zone > * Go to tag based policy->Select Security zone from the dropdown > * Confirm that default policy EXPIRES_ON is created in the security zone > *Expected Response:* > Default Tag based policy EXPIRES_ON should get created in security zone > *Actual Response:* > Default Tag based policy EXPIRES_ON is not getting created in security zone -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4784) Tag-Based - default policy is not created for tag added to security zone
[ https://issues.apache.org/jira/browse/RANGER-4784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4784: -- Summary: Tag-Based - default policy is not created for tag added to security zone (was: Tag-Based - default policy is not created for privacera_tag added to security zone) > Tag-Based - default policy is not created for tag added to security zone > > > Key: RANGER-4784 > URL: https://issues.apache.org/jira/browse/RANGER-4784 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Vanita Shankar Ubale >Assignee: Subhrat Chaudhary >Priority: Major > > *Steps:* > * Create security zone, add privacera_tag service while creating security > zone > * Go to tag based policy->Select Security zone from the dropdown > * Confirm that default policy EXPIRES_ON is created in the security zone > *Expected Response:* > Default Tag based policy EXPIRES_ON should get created in security zone > *Actual Response:* > Default Tag based policy EXPIRES_ON is not getting created in security zone -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4789) Admin audits for security-zone are blank for new and old value, when compression is enabled
[
https://issues.apache.org/jira/browse/RANGER-4789?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4789:
--
Attachment: audit.png
> Admin audits for security-zone are blank for new and old value, when
> compression is enabled
> ---
>
> Key: RANGER-4789
> URL: https://issues.apache.org/jira/browse/RANGER-4789
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
> Attachments: audit.png
>
>
> In security-zone when resource name is updated, admin audit is generated for
> same, with details about old and new value.
> When the json data compression is enabled in the security-zone with the
> property:
> {code:java}
> ranger.admin.store.security.zone.compress.json_data{code}
> the old and new value in the generated admin audit is blank, when only the
> resource name is changed. The reason for this is, if compression is enabled,
> only the resource count is added in the new and old values. Hence if the
> resource count does not change, change details in the admin audit is blank.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4789) Admin audits for security-zone are blank for new and old value, when compression is enabled
Subhrat Chaudhary created RANGER-4789:
-
Summary: Admin audits for security-zone are blank for new and old
value, when compression is enabled
Key: RANGER-4789
URL: https://issues.apache.org/jira/browse/RANGER-4789
Project: Ranger
Issue Type: Bug
Components: admin
Reporter: Subhrat Chaudhary
Assignee: Subhrat Chaudhary
In security-zone when resource name is updated, admin audit is generated for
same, with details about old and new value.
When the json data compression is enabled in the security-zone with the
property:
{code:java}
ranger.admin.store.security.zone.compress.json_data{code}
the old and new value in the generated admin audit is blank, when only the
resource name is changed. The reason for this is, if compression is enabled,
only the resource count is added in the new and old values. Hence if the
resource count does not change, change details in the admin audit is blank.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4784) Tag-Based - default policy is not created for privacera_tag added to security zone
[ https://issues.apache.org/jira/browse/RANGER-4784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary reassigned RANGER-4784: - Assignee: Subhrat Chaudhary > Tag-Based - default policy is not created for privacera_tag added to security > zone > -- > > Key: RANGER-4784 > URL: https://issues.apache.org/jira/browse/RANGER-4784 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Vanita Shankar Ubale >Assignee: Subhrat Chaudhary >Priority: Major > > *Steps:* > * Create security zone, add privacera_tag service while creating security > zone > * Go to tag based policy->Select Security zone from the dropdown > * Confirm that default policy EXPIRES_ON is created in the security zone > *Expected Response:* > Default Tag based policy EXPIRES_ON should get created in security zone > *Actual Response:* > Default Tag based policy EXPIRES_ON is not getting created in security zone -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4727) When tagDef delete fails, error message is not returned
Subhrat Chaudhary created RANGER-4727:
-
Summary: When tagDef delete fails, error message is not returned
Key: RANGER-4727
URL: https://issues.apache.org/jira/browse/RANGER-4727
Project: Ranger
Issue Type: Bug
Components: admin
Reporter: Subhrat Chaudhary
Assignee: Subhrat Chaudhary
When tagDef and a linked tag is created, and delete of the tagDef is attempted
with DELETE API - /service/tags/tagdef/\{tagDefId}, it fails with 400 and no
error message is returned. It will be helpful if we can return proper error
message about why the delete operation failed.
Please find the steps to reproduce:
* Create a tag with PUT API - /service/tags/importservicetags
{code:java}
{
"op": "add_or_update",
"serviceName": "hive_1",
"tagVersion": 0,
"tagDefinitions": {
"0": {
"name": "PII_LOCATION",
"source": "Atlas",
"attributeDefs": [
{
"name": "names",
"type": "String"
}
],
"id": 0,
"isEnabled": true
}
},
"tags": {
"0": {
"type": "PII_LOCATION",
"owner": 0,
"attributes": {
"location": "mumbai"
},
"id": 0,
"isEnabled": true
}
},
"serviceResources": [
{
"serviceName": "hive_1",
"resourceElements": {
"database": {
"values": [
"temp_db"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"employee"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"location"
],
"isExcludes": false,
"isRecursive": false
}
},
"id": 0,
"isEnabled": true
}
],
"resourceToTagIds": {
"0": [
0
]
}
} {code}
* Confirm respective tag and tagDef are added to DB.
* Delete the tagDef with DELETE API - /service/tags/tagdef/\{tagDefId}.
* Delete operation fails with 400 - Bad Request, no error message and empty
body.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4669) Nested user in role is not conisdered when getting datasets shared with user
Subhrat Chaudhary created RANGER-4669: - Summary: Nested user in role is not conisdered when getting datasets shared with user Key: RANGER-4669 URL: https://issues.apache.org/jira/browse/RANGER-4669 Project: Ranger Issue Type: Bug Components: admin Reporter: Subhrat Chaudhary Assignee: Subhrat Chaudhary When dataset is shared with a user nested in a role i.e. user < group < role, and the user calls get dataset API with sharedWithMe=true, the dataset is not returned in response. Please find the steps to reproduce: * Add a user user1 with ranger role - USER. * Add a group grp1, map grp1 with user user1. * Create a role - role1, add the group grp1 to the role role1. * Create a dataset - ds1 with any other user as admin i.e. user2. * Create a dataset policy for the dataset - ds1, with all access to the role - role1. * Call the get dataset API with query-param sharedWithMe=true - /gds/dataset?sharedWithMe=true. Expected: the dataset ds1 will be returned in the response. Actual: the dataset ds1 is not returned in the response -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4664) SQL Exception is thrown, if resource is null in POST sharedResource API
[
https://issues.apache.org/jira/browse/RANGER-4664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary reassigned RANGER-4664:
-
Assignee: Subhrat Chaudhary
> SQL Exception is thrown, if resource is null in POST sharedResource API
> ---
>
> Key: RANGER-4664
> URL: https://issues.apache.org/jira/browse/RANGER-4664
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
>
> If resource is not passed in sharedResource request body (POST API
> /service/gds/resource):
>
> {code:java}
> {
> "name": "SHR4",
> "dataShareId": 5,
> "resource": { }
> }{code}
>
> Following error is received:
>
> {code:java}
> {
> "statusCode": 1,
> "msgDesc": "Exception [EclipseLink-4002] (Eclipse Persistence Services -
> 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> java.sql.SQLIntegrityConstraintViolationException: (conn=106) Column
> 'resource' cannot be null\nError Code: 1048\nCall: INSERT INTO
> x_gds_shared_resource (access_types, ADDED_BY_ID, additional_info,
> condition_expr, CREATE_TIME, data_share_id, description, guid, is_enabled,
> name, options, profiles, resource, resource_signature, row_filter,
> sub_resource, sub_resource_masks, sub_resource_type, UPDATE_TIME, UPD_BY_ID,
> version) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
> ?)\n\tbind => [21 parameters bound]\nQuery:
> ValueReadQuery(name=\"X_GDS_SHARED_RESOURCE_SEQ\" sql=\"SELECT
> LAST_INSERT_ID()\")"
> }{code}
> Ideally in response, HTTP Status code 400 (Bad request) should be thrown with
> custom error message.
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4664) SQL Exception is thrown, if resource is null in POST sharedResource API
Subhrat Chaudhary created RANGER-4664:
-
Summary: SQL Exception is thrown, if resource is null in POST
sharedResource API
Key: RANGER-4664
URL: https://issues.apache.org/jira/browse/RANGER-4664
Project: Ranger
Issue Type: Bug
Components: admin
Reporter: Subhrat Chaudhary
If resource is not passed in sharedResource request body (POST API
/service/gds/resource):
{code:java}
{
"name": "SHR4",
"dataShareId": 5,
"resource": { }
}{code}
Following error is received:
{code:java}
{
"statusCode": 1,
"msgDesc": "Exception [EclipseLink-4002] (Eclipse Persistence Services -
2.7.12.v20230209-e5c4074ef3):
org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
java.sql.SQLIntegrityConstraintViolationException: (conn=106) Column 'resource'
cannot be null\nError Code: 1048\nCall: INSERT INTO x_gds_shared_resource
(access_types, ADDED_BY_ID, additional_info, condition_expr, CREATE_TIME,
data_share_id, description, guid, is_enabled, name, options, profiles,
resource, resource_signature, row_filter, sub_resource, sub_resource_masks,
sub_resource_type, UPDATE_TIME, UPD_BY_ID, version) VALUES (?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [21 parameters
bound]\nQuery: ValueReadQuery(name=\"X_GDS_SHARED_RESOURCE_SEQ\" sql=\"SELECT
LAST_INSERT_ID()\")"
}{code}
Ideally in response, HTTP Status code 400 (Bad request) should be thrown with
custom error message.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4430) Create datshare and sharedResource in cascade
[ https://issues.apache.org/jira/browse/RANGER-4430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17801653#comment-17801653 ] Subhrat Chaudhary commented on RANGER-4430: --- Marking as invalid, since we are using individual sharedResource and dataShare APIs to create. > Create datshare and sharedResource in cascade > - > > Key: RANGER-4430 > URL: https://issues.apache.org/jira/browse/RANGER-4430 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > Currently we have separate APIs to create Datashare and SharedResource. We > need a single API to receive custom object with datashare and mapped > sharedResources. > We need to first create datashare and created sharedResources with id of the > newly created datashare. This has to be done in a transaction. Created > datashare will have ACL with ADMIN permission for the creating user. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4430) Create datshare and sharedResource in cascade
[ https://issues.apache.org/jira/browse/RANGER-4430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary resolved RANGER-4430. --- Resolution: Invalid > Create datshare and sharedResource in cascade > - > > Key: RANGER-4430 > URL: https://issues.apache.org/jira/browse/RANGER-4430 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > Currently we have separate APIs to create Datashare and SharedResource. We > need a single API to receive custom object with datashare and mapped > sharedResources. > We need to first create datashare and created sharedResources with id of the > newly created datashare. This has to be done in a transaction. Created > datashare will have ACL with ADMIN permission for the creating user. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4624) Add java patch to update changes in db
Subhrat Chaudhary created RANGER-4624:
-
Summary: Add java patch to update changes in db
Key: RANGER-4624
URL: https://issues.apache.org/jira/browse/RANGER-4624
Project: Ranger
Issue Type: Sub-task
Components: admin
Reporter: Subhrat Chaudhary
We need to add java patches so for existing users, on upgrade following changes
are made in db:
* {{x_access_type_def.category}}
* {{{}x_service_version_info.gds_version{}}}{{{}{}}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4535) GET dataset API should return public:LIST in ACL if available
[
https://issues.apache.org/jira/browse/RANGER-4535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary reassigned RANGER-4535:
-
Assignee: Subhrat Chaudhary
> GET dataset API should return public:LIST in ACL if available
> -
>
> Key: RANGER-4535
> URL: https://issues.apache.org/jira/browse/RANGER-4535
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> When the GET dataset /gds/dataset API is called, gdsPermission=LIST is passed
> in query-param, available ACLs are not returned in the dataset.
> It will be helpful to know, if the current dataset is accessible to public
> group (which can be eventually used by the depending applications). We can
> add the the ACL, in the returned dataset (if available):
> {code:java}
> "groups": { "public": "LIST" }{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4535) GET dataset API should return public:LIST in ACL if available
Subhrat Chaudhary created RANGER-4535:
-
Summary: GET dataset API should return public:LIST in ACL if
available
Key: RANGER-4535
URL: https://issues.apache.org/jira/browse/RANGER-4535
Project: Ranger
Issue Type: Sub-task
Components: admin
Reporter: Subhrat Chaudhary
When the GET dataset /gds/dataset API is called, gdsPermission=LIST is passed
in query-param, available ACLs are not returned in the dataset.
It will be helpful to know, if the current dataset is accessible to public
group (which can be eventually used by the depending applications). We can add
the the ACL, in the returned dataset (if available):
{code:java}
"groups": { "public": "LIST" }{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4517) Sort param sortType not considered if sortBy not passed
[
https://issues.apache.org/jira/browse/RANGER-4517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary reassigned RANGER-4517:
-
Assignee: Subhrat Chaudhary
> Sort param sortType not considered if sortBy not passed
> ---
>
> Key: RANGER-4517
> URL: https://issues.apache.org/jira/browse/RANGER-4517
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> The sort param sortType is not considered if sortBy is not passed in the
> query-param. Please consider following case:
> * The GET API /service/gds/dataset has default sortType=asc and
> sortBy=datasetId.
> * Please find the query-param input and actual responses received:
>
> ||Request - sortBy||Request - sortType||Response - sortBy||Response -
> sortType||
> |Not passed|Not passed|datasetId|asc|
> |datasetName|Not passed|datasetName|asc|
> |datasetName|desc|datasetName|desc|
> |{color:#FF}Not
> passed{color}|{color:#FF}desc{color}|{color:#FF}datasetId{color}|{color:#FF}asc{color}|
> |datasetId|desc|datasetId|desc|
> As noticed above if the sortBy is not passed in the request query-param
> sortType param is not considered.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4517) Sort param sortType not considered if sortBy not passed
Subhrat Chaudhary created RANGER-4517:
-
Summary: Sort param sortType not considered if sortBy not passed
Key: RANGER-4517
URL: https://issues.apache.org/jira/browse/RANGER-4517
Project: Ranger
Issue Type: Sub-task
Components: admin
Reporter: Subhrat Chaudhary
The sort param sortType is not considered if sortBy is not passed in the
query-param. Please consider following case:
* The GET API /service/gds/dataset has default sortType=asc and
sortBy=datasetId.
* Please find the query-param input and actual responses received:
||Request - sortBy||Request - sortType||Response - sortBy||Response - sortType||
|Not passed|Not passed|datasetId|asc|
|datasetName|Not passed|datasetName|asc|
|datasetName|desc|datasetName|desc|
|{color:#FF}Not
passed{color}|{color:#FF}desc{color}|{color:#FF}datasetId{color}|{color:#FF}asc{color}|
|datasetId|desc|datasetId|desc|
As noticed above if the sortBy is not passed in the request query-param
sortType param is not considered.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (RANGER-4432) Need a new API for service lookup
[ https://issues.apache.org/jira/browse/RANGER-4432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary resolved RANGER-4432. --- Resolution: Workaround > Need a new API for service lookup > - > > Key: RANGER-4432 > URL: https://issues.apache.org/jira/browse/RANGER-4432 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > We need to new API to run lookup on ranger services, with support for > zoneName and zoneId as query-param. This will be used in GDS >> DataShare > Listing >> Create DataShare >> Basic Details (Step 1) >> Select Zone >> Get > all service related to zone -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4432) Need a new API for service lookup
[
https://issues.apache.org/jira/browse/RANGER-4432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17782525#comment-17782525
]
Subhrat Chaudhary commented on RANGER-4432:
---
This requirement is being covered by
/public/v2/api/zones/\{zoneId}/service-headers, hence marking this as resolved.
> Need a new API for service lookup
> -
>
> Key: RANGER-4432
> URL: https://issues.apache.org/jira/browse/RANGER-4432
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> We need to new API to run lookup on ranger services, with support for
> zoneName and zoneId as query-param. This will be used in GDS >> DataShare
> Listing >> Create DataShare >> Basic Details (Step 1) >> Select Zone >> Get
> all service related to zone
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4428) Need a new API to get list of zones mapped to a service
[
https://issues.apache.org/jira/browse/RANGER-4428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17782504#comment-17782504
]
Subhrat Chaudhary commented on RANGER-4428:
---
This requirement is covered with existing APIS -
/api/zones/zone-headers/for-service/\{serviceId},
/api/zones/\{zoneId}/service-headers. Hence marking this as invalid.
> Need a new API to get list of zones mapped to a service
> ---
>
> Key: RANGER-4428
> URL: https://issues.apache.org/jira/browse/RANGER-4428
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Prashant Satam
>Priority: Major
>
> Need a new API to get list of zones mapped to a service for the Create
> Datashare >> Step 2 > Select Service >> Select Zone
> Request: serviceId will received in params
> Response: {color:#00}Map{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4432) Need a new API for service lookup
[ https://issues.apache.org/jira/browse/RANGER-4432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary reassigned RANGER-4432: - Assignee: Subhrat Chaudhary > Need a new API for service lookup > - > > Key: RANGER-4432 > URL: https://issues.apache.org/jira/browse/RANGER-4432 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > We need to new API to run lookup on ranger services, with support for > zoneName and zoneId as query-param. This will be used in GDS >> DataShare > Listing >> Create DataShare >> Basic Details (Step 1) >> Select Zone >> Get > all service related to zone -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4432) Need a new API for service lookup
[ https://issues.apache.org/jira/browse/RANGER-4432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4432: -- Description: We need to new API to run lookup on ranger services, with support for zoneName and zoneId as query-param. This will be used in GDS >> DataShare Listing >> Create DataShare >> Basic Details (Step 1) >> Select Zone >> Get all service related to zone (was: We need to new API to run lookup on security-zones, with support for serviceName as query-param) > Need a new API for service lookup > - > > Key: RANGER-4432 > URL: https://issues.apache.org/jira/browse/RANGER-4432 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > We need to new API to run lookup on ranger services, with support for > zoneName and zoneId as query-param. This will be used in GDS >> DataShare > Listing >> Create DataShare >> Basic Details (Step 1) >> Select Zone >> Get > all service related to zone -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4432) Need a new API for service lookup
[ https://issues.apache.org/jira/browse/RANGER-4432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4432: -- Summary: Need a new API for service lookup (was: Need a new API for security-zone lookup) > Need a new API for service lookup > - > > Key: RANGER-4432 > URL: https://issues.apache.org/jira/browse/RANGER-4432 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > We need to new API to run lookup on security-zones, with support for > serviceName as query-param -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4427) Need a new API to get list of datasets for a datashare with request status
[ https://issues.apache.org/jira/browse/RANGER-4427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4427: -- Description: We need a new API to get list of datasets for a datashare with request status UI Flow – My Datashares >> Shared With >> Dataset list Requirement: Need List of datasets that are mapped to a datashare Details in response: datasetId, datasetname, sharedStatus, dataShareInDatasetId Filters: search by datasetNamePartial, sharedStatus Pagination needed was:We need a new API to get list of datasets for a datashare with request status > Need a new API to get list of datasets for a datashare with request status > -- > > Key: RANGER-4427 > URL: https://issues.apache.org/jira/browse/RANGER-4427 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Prashant Satam >Priority: Major > > We need a new API to get list of datasets for a datashare with request status > UI Flow – My Datashares >> Shared With >> Dataset list > Requirement: > Need List of datasets that are mapped to a datashare > Details in response: datasetId, datasetname, sharedStatus, > dataShareInDatasetId > Filters: search by datasetNamePartial, sharedStatus > Pagination needed -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4417) Add default policy for new dataset
[ https://issues.apache.org/jira/browse/RANGER-4417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4417: -- Description: When a dataset is created, a default policy should also be created for same implicitly. Since we are not creating multiple policies for Dataset currently, for convenience we decided to create a default one when a dataset is created. (was: When a dataset is created, a default policy should also be created for same implicitly.) > Add default policy for new dataset > -- > > Key: RANGER-4417 > URL: https://issues.apache.org/jira/browse/RANGER-4417 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Prashant Satam >Priority: Major > > When a dataset is created, a default policy should also be created for same > implicitly. Since we are not creating multiple policies for Dataset > currently, for convenience we decided to create a default one when a dataset > is created. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4434) Need a new API to get list of requests for the current user
[ https://issues.apache.org/jira/browse/RANGER-4434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17778619#comment-17778619 ] Subhrat Chaudhary commented on RANGER-4434: --- Duplicate of https://issues.apache.org/jira/browse/RANGER-4434 > Need a new API to get list of requests for the current user > --- > > Key: RANGER-4434 > URL: https://issues.apache.org/jira/browse/RANGER-4434 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > Need a new API to get list of requests for the current user for the My > Requests page -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4434) Need a new API to get list of requests for the current user
[ https://issues.apache.org/jira/browse/RANGER-4434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary resolved RANGER-4434. --- Resolution: Duplicate > Need a new API to get list of requests for the current user > --- > > Key: RANGER-4434 > URL: https://issues.apache.org/jira/browse/RANGER-4434 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > Need a new API to get list of requests for the current user for the My > Requests page -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4023) UserStoreEnricher is not enabled if only mask conditon has attribute based expression
[
https://issues.apache.org/jira/browse/RANGER-4023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4023:
--
Description:
We added the support for user/attribute based expressions in masking condition
in RANGER-3865 . When only the mask condition has an user/group attribute based
expression, RangerUserStoreEnricher is not enabled in plugin end.
Steps to reproduce (for Hive):
* Create a resource based access policy:
** Resources: database=testdb, table=employee, column=*
** Allow condition policy item: group=public, permissions=select
* Create a masking policy:
** Resources: database=testdb, table=employee, column=salary
** Allow condition policy item: group=public, permissions=select
** *Masking Option= Custom expression as below*
{code:java}
CASE WHEN id IN (${{USER.employee_id}}) THEN salary ELSE '0' END {code}
* Add following attributes to the user jack:
** *employee_id : 1,2*
* We have following data in Hive:
**
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|
* When *select * from testdb.employee;* query is executed (as the user jack),
the expectation is {*}salary of the employee john and jane should be displayed
as it is, while for others it should be 0{*}. In actual result, salary of all
the employees is '0'.
* In plugin end, the RangerUserstore cache file userstore.json is not created.
was:
We added the support for user/attribute based expressions in masking condition
in RANGER-3865 . When only the mask condition has an user/group attribute based
expression, RangerUserStoreEnricher is not enabled in plugin end.
Steps to reproduce (for Hive):
* Create a resource based access policy:
** Resources: database=testdb, table=employee, column=*
** Allow condition policy item: group=public, permissions=select
* Create a masking policy:
** Resources: database=testdb, table=employee, column=salary
** Allow condition policy item: group=public, permissions=select
** {*}Masking Option= Custom ({*}{*}CASE WHEN id IN (${\{USER.employee_id}})
THEN salary ELSE '0' END{*}{*}){*}
* Add following attributes to the user jack:
** *employee_id : 1,2*
* We have following data in Hive:
**
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|
* When *select * from testdb.employee;* query is executed (as the user jack),
the expectation is {*}salary of the employee john and jane should be displayed
as it is, while for others it should be 0{*}. In actual result, salary of all
the employees is '0'.
* In plugin end, the RangerUserstore cache file userstore.json is not created.
> UserStoreEnricher is not enabled if only mask conditon has attribute based
> expression
> -
>
> Key: RANGER-4023
> URL: https://issues.apache.org/jira/browse/RANGER-4023
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
> Fix For: 3.0.0, 2.4.1
>
>
> We added the support for user/attribute based expressions in masking
> condition in RANGER-3865 . When only the mask condition has an user/group
> attribute based expression, RangerUserStoreEnricher is not enabled in plugin
> end.
> Steps to reproduce (for Hive):
> * Create a resource based access policy:
> ** Resources: database=testdb, table=employee, column=*
> ** Allow condition policy item: group=public, permissions=select
> * Create a masking policy:
> ** Resources: database=testdb, table=employee, column=salary
> ** Allow condition policy item: group=public, permissions=select
> ** *Masking Option= Custom expression as below*
> {code:java}
> CASE WHEN id IN (${{USER.employee_id}}) THEN salary ELSE '0' END {code}
> * Add following attributes to the user jack:
> ** *employee_id : 1,2*
> * We have following data in Hive:
> **
> ||id||name||salary||
> |1|john|5600|
> |2|jane|5300|
> |3|jack|6700|
> |4|harry|9500|
> * When *select * from testdb.employee;* query is executed (as the user
> jack), the expectation is {*}salary of the employee john and jane should be
> displayed as it is, while for others it should be 0{*}. In actual result,
> salary of all the employees is '0'.
> * In plugin end, the RangerUserstore cache file userstore.json is not
> created.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4023) UserStoreEnricher is not enabled if only mask conditon has attribute based expression
[
https://issues.apache.org/jira/browse/RANGER-4023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4023:
--
Description:
We added the support for user/attribute based expressions in masking condition
in RANGER-3865 . When only the mask condition has an user/group attribute based
expression, RangerUserStoreEnricher is not enabled in plugin end.
Steps to reproduce (for Hive):
* Create a resource based access policy:
** Resources: database=testdb, table=employee, column=*
** Allow condition policy item: group=public, permissions=select
* Create a masking policy:
** Resources: database=testdb, table=employee, column=salary
** Allow condition policy item: group=public, permissions=select
** {*}Masking Option= Custom ({*}{*}CASE WHEN id IN (${\{USER.employee_id}})
THEN salary ELSE '0' END{*}{*}){*}
* Add following attributes to the user jack:
** *employee_id : 1,2*
* We have following data in Hive:
**
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|
* When *select * from testdb.employee;* query is executed (as the user jack),
the expectation is {*}salary of the employee john and jane should be displayed
as it is, while for others it should be 0{*}. In actual result, salary of all
the employees is '0'.
* In plugin end, the RangerUserstore cache file userstore.json is not created.
was:
We added the support for user/attribute based expressions in masking condition
in RANGER-3865 . When only the mask condition has an user/group attribute based
expression, RangerUserStoreEnricher is not enabled in plugin end.
Steps to reproduce (for Hive):
* Create a resource based access policy:
** Resources: database=testdb, table=employee, column=*
** Allow condition policy item: group=public, permissions=select
* Create a masking policy:
** Resources: database=testdb, table=employee, column=salary
** Allow condition policy item: group=public, permissions=select
** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN
salary ELSE '0' END)*
* Add following attributes to the user jack:
** *employee_id : 1,2*
* We have following data in Hive:
**
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|
* When *select * from testdb.employee;* query is executed (as the user jack),
the expectation is {*}salary of the employee john and jane should be displayed
as it is, while for others it should be 0{*}. In actual result, salary of all
the employees is '0'.
* In plugin end, the RangerUserstore cache file userstore.json is not created.
> UserStoreEnricher is not enabled if only mask conditon has attribute based
> expression
> -
>
> Key: RANGER-4023
> URL: https://issues.apache.org/jira/browse/RANGER-4023
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
> Fix For: 3.0.0, 2.4.1
>
>
> We added the support for user/attribute based expressions in masking
> condition in RANGER-3865 . When only the mask condition has an user/group
> attribute based expression, RangerUserStoreEnricher is not enabled in plugin
> end.
> Steps to reproduce (for Hive):
> * Create a resource based access policy:
> ** Resources: database=testdb, table=employee, column=*
> ** Allow condition policy item: group=public, permissions=select
> * Create a masking policy:
> ** Resources: database=testdb, table=employee, column=salary
> ** Allow condition policy item: group=public, permissions=select
> ** {*}Masking Option= Custom ({*}{*}CASE WHEN id IN (${\{USER.employee_id}})
> THEN salary ELSE '0' END{*}{*}){*}
> * Add following attributes to the user jack:
> ** *employee_id : 1,2*
> * We have following data in Hive:
> **
> ||id||name||salary||
> |1|john|5600|
> |2|jane|5300|
> |3|jack|6700|
> |4|harry|9500|
> * When *select * from testdb.employee;* query is executed (as the user
> jack), the expectation is {*}salary of the employee john and jane should be
> displayed as it is, while for others it should be 0{*}. In actual result,
> salary of all the employees is '0'.
> * In plugin end, the RangerUserstore cache file userstore.json is not
> created.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4486) ZoneV2 partial update allows duplicate principals and tagServices
[
https://issues.apache.org/jira/browse/RANGER-4486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4486:
--
Description:
In RANGER-4398 , we added support for incremental updates with the PUT API -
/service/public/v2/api/zones-v2/\{zoneId}/partial. This allows addition of
duplicate principals (admin and auditor UGR) and tagServices.
Steps to reproduce. Create a security-zone and update with above PUT API:
{code:java}
{
"id": 5,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1697718906795,
"updateTime": 1697718906796,
"name": "zone10",
"services": {
"hive1": {
"resources": [
{
"id": 1,
"resource": {
"database": [
"db10"
]
}
}
]
}
},
"tagServicesToAdd": [
"tag1"
],
"adminsToAdd": [
{
"type": "USER",
"name": "mark"
}
]
}{code}
If we call the same API with same request again, it creates duplicate adminUser
and tagService as below:
{code:java}
{
"id": 5,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1697718906795,
"updateTime": 1697719001243,
"name": "zone10",
"services": {
"hive1": {
"resources": [
{
"id": 1,
"resource": {
"database": [
"db10"
]
}
}
]
}
},
"tagServices": [
"tag1",
"tag1"
],
"admins": [
{
"type": "USER",
"name": "mark"
},
{
"type": "USER",
"name": "mark"
}
],
"auditors": [
{
"type": "USER",
"name": "mark"
}
]
}{code}
was:
In RANGER-4398 , we added support for incremental updates with the PUT API -
/service/public/v2/api/zones-v2/\{zoneId}/partial. This allows addition of
duplicate adminUsers, auditorUser and tagServices.
Steps to reproduce. Create a security-zone and update with above PUT API:
{code:java}
{
"id": 5,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1697718906795,
"updateTime": 1697718906796,
"name": "zone10",
"services": {
"hive1": {
"resources": [
{
"id": 1,
"resource": {
"database": [
"db10"
]
}
}
]
}
},
"tagServicesToAdd": [
"tag1"
],
"adminsToAdd": [
{
"type": "USER",
"name": "mark"
}
]
}{code}
If we call the same API with same request again, it creates duplicate adminUser
and tagService as below:
{code:java}
{
"id": 5,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1697718906795,
"updateTime": 1697719001243,
"name": "zone10",
"services": {
"hive1": {
"resources": [
{
"id": 1,
"resource": {
"database": [
"db10"
]
}
}
]
}
},
"tagServices": [
"tag1",
"tag1"
],
"admins": [
{
"type": "USER",
"name": "mark"
},
{
"type": "USER",
"name": "mark"
}
],
"auditors": [
{
"type": "USER",
"name": "mark"
}
]
}{code}
> ZoneV2 partial update allows duplicate principals and tagServices
> -
>
> Key: RANGER-4486
> URL: https://issues.apache.org/jira/browse/RANGER-4486
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> In RANGER-4398 , we added support for incremental updates with the PUT API -
> /service/public/v2/api/zones-v2/\{zoneId}/partial. This allows addition of
> duplicate principals (admin and auditor UGR) and tagServices.
> Steps to reproduce. Create a security-zone and update with above PUT API:
> {code:java}
> {
> "id": 5,
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1697718906795,
> "updateTime": 1697718906796,
> "name": "zone10",
> "servic
[jira] [Updated] (RANGER-4486) ZoneV2 partial update allows duplicate principals and tagServices
[
https://issues.apache.org/jira/browse/RANGER-4486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4486:
--
Summary: ZoneV2 partial update allows duplicate principals and tagServices
(was: ZoneV2 partial update allows duplicate users and tagServices)
> ZoneV2 partial update allows duplicate principals and tagServices
> -
>
> Key: RANGER-4486
> URL: https://issues.apache.org/jira/browse/RANGER-4486
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> In RANGER-4398 , we added support for incremental updates with the PUT API -
> /service/public/v2/api/zones-v2/\{zoneId}/partial. This allows addition of
> duplicate adminUsers, auditorUser and tagServices.
> Steps to reproduce. Create a security-zone and update with above PUT API:
> {code:java}
> {
> "id": 5,
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1697718906795,
> "updateTime": 1697718906796,
> "name": "zone10",
> "services": {
> "hive1": {
> "resources": [
> {
> "id": 1,
> "resource": {
> "database": [
> "db10"
> ]
> }
> }
> ]
> }
> },
> "tagServicesToAdd": [
> "tag1"
> ],
> "adminsToAdd": [
> {
> "type": "USER",
> "name": "mark"
> }
> ]
> }{code}
> If we call the same API with same request again, it creates duplicate
> adminUser and tagService as below:
> {code:java}
> {
> "id": 5,
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1697718906795,
> "updateTime": 1697719001243,
> "name": "zone10",
> "services": {
> "hive1": {
> "resources": [
> {
> "id": 1,
> "resource": {
> "database": [
> "db10"
> ]
> }
> }
> ]
> }
> },
> "tagServices": [
> "tag1",
> "tag1"
> ],
> "admins": [
> {
> "type": "USER",
> "name": "mark"
> },
> {
> "type": "USER",
> "name": "mark"
> }
> ],
> "auditors": [
> {
> "type": "USER",
> "name": "mark"
> }
> ]
> }{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4486) ZoneV2 partial update allows duplicate users and tagServices
Subhrat Chaudhary created RANGER-4486:
-
Summary: ZoneV2 partial update allows duplicate users and
tagServices
Key: RANGER-4486
URL: https://issues.apache.org/jira/browse/RANGER-4486
Project: Ranger
Issue Type: Bug
Components: admin
Reporter: Subhrat Chaudhary
Assignee: Subhrat Chaudhary
In RANGER-4398 , we added support for incremental updates with the PUT API -
/service/public/v2/api/zones-v2/\{zoneId}/partial. This allows addition of
duplicate adminUsers, auditorUser and tagServices.
Steps to reproduce. Create a security-zone and update with above PUT API:
{code:java}
{
"id": 5,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1697718906795,
"updateTime": 1697718906796,
"name": "zone10",
"services": {
"hive1": {
"resources": [
{
"id": 1,
"resource": {
"database": [
"db10"
]
}
}
]
}
},
"tagServicesToAdd": [
"tag1"
],
"adminsToAdd": [
{
"type": "USER",
"name": "mark"
}
]
}{code}
If we call the same API with same request again, it creates duplicate adminUser
and tagService as below:
{code:java}
{
"id": 5,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1697718906795,
"updateTime": 1697719001243,
"name": "zone10",
"services": {
"hive1": {
"resources": [
{
"id": 1,
"resource": {
"database": [
"db10"
]
}
}
]
}
},
"tagServices": [
"tag1",
"tag1"
],
"admins": [
{
"type": "USER",
"name": "mark"
},
{
"type": "USER",
"name": "mark"
}
],
"auditors": [
{
"type": "USER",
"name": "mark"
}
]
}{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4023) UserStoreEnricher is not enabled if only mask conditon has attribute based expression
[
https://issues.apache.org/jira/browse/RANGER-4023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4023:
--
Description:
We added the support for user/attribute based expressions in masking condition
in RANGER-3865 . When only the mask condition has an user/group attribute based
expression, RangerUserStoreEnricher is not enabled in plugin end.
Steps to reproduce (for Hive):
* Create a resource based access policy:
** Resources: database=testdb, table=employee, column=*
** Allow condition policy item: group=public, permissions=select
* Create a masking policy:
** Resources: database=testdb, table=employee, column=salary
** Allow condition policy item: group=public, permissions=select
** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN
salary ELSE '0' END)*
* Add following attributes to the user jack:
** *employee_id : 1,2*
* We have following data in Hive:
**
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|
* When *select * from testdb.employee;* query is executed (as the user jack),
the expectation is {*}salary of the employee john and jane should be displayed
as it is, while for others it should be 0{*}. In actual result, salary of all
the employees is '0'.
* In plugin end, the RangerUserstore cache file userstore.json is not created.
was:
We added the support for user/attribute based expressions in masking condition
in RANGER-3865 . When only the mask condition has an user/group attribute based
expression, RangerUserStoreEnricher is not enabled in plugin end.
Steps to reproduce (for Hive):
* Create a resource based access policy:
** Resources: database=testdb, table=employee, column=*
** Allow condition policy item: group=public, permissions=select
* Create a masking policy:
** Resources: database=testdb, table=employee, column=salary
** Allow condition policy item: group=public, permissions=select
** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN
salary ELSE '0' END)*
* Add following attributes to the user jack:
** *employee_id : 1,2*
* We have following data in Hive:
**
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|
* When *select * from testdb.employee;* query is executed, the expectation is
{*}salary of the employee john and jane should be displayed as it is, while for
others it should be 0{*}. In actual result, salary of all the employees is '0'.
* In plugin end, the RangerUserstore cache file userstore.json is not created.
> UserStoreEnricher is not enabled if only mask conditon has attribute based
> expression
> -
>
> Key: RANGER-4023
> URL: https://issues.apache.org/jira/browse/RANGER-4023
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
> Fix For: 3.0.0, 2.4.1
>
>
> We added the support for user/attribute based expressions in masking
> condition in RANGER-3865 . When only the mask condition has an user/group
> attribute based expression, RangerUserStoreEnricher is not enabled in plugin
> end.
> Steps to reproduce (for Hive):
> * Create a resource based access policy:
> ** Resources: database=testdb, table=employee, column=*
> ** Allow condition policy item: group=public, permissions=select
> * Create a masking policy:
> ** Resources: database=testdb, table=employee, column=salary
> ** Allow condition policy item: group=public, permissions=select
> ** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN
> salary ELSE '0' END)*
> * Add following attributes to the user jack:
> ** *employee_id : 1,2*
> * We have following data in Hive:
> **
> ||id||name||salary||
> |1|john|5600|
> |2|jane|5300|
> |3|jack|6700|
> |4|harry|9500|
> * When *select * from testdb.employee;* query is executed (as the user
> jack), the expectation is {*}salary of the employee john and jane should be
> displayed as it is, while for others it should be 0{*}. In actual result,
> salary of all the employees is '0'.
> * In plugin end, the RangerUserstore cache file userstore.json is not
> created.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4469) Dataset summary API throws 403
[
https://issues.apache.org/jira/browse/RANGER-4469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4469:
--
Description:
When a dataset is created for a user with VIEW permission, and GET
datasetSummary API is called, 403 is thrown, since a user is allowed to get
dataset policies, only if the user has AUDIT or higher permissions. Steps to
reproduce:
# Created a dataset as below:
{code:java}
{
"id": 7,
"guid": "8469cfcb-dc45-4481-a754-f4abe6c298ef",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696947157966,
"updateTime": 1696947157967,
"version": 1,
"description": "This is GDS description",
"options": {},
"additionalInfo": {},
"name": "DS7",
"acl": {
"users":
{ "joe": "VIEW", "admin": "ADMIN" }
},
"termsOfUse": "Gds Terms of Use"
}
{code}
2. When the GET datasetSummary API is called
[http://localhost:6080/service/gds/dataset/summary], 403 is thrown.
{code:java}
2023-10-10 14:43:33,975 [http-nio-6080-exec-3] ERROR [RESTErrorUtil.java:126]
Access restricted. loginId=joe, logMessage=User is not authorized to view
policies for this dataset, requestInfo=RequestContext
[ipAddress=0:0:0:0:0:0:0:1, userAgent=PostmanRuntime/7.33.0,
requestURL=/service/gds/dataset/summary, deviceType=1,
serverRequestId=ceeea979-7d6b-4716-a9e7-e91d031cf70e, isSync=true,
startTime=1696949013819], timeTaken=156
javax.ws.rs.WebApplicationException: null
at
org.apache.ranger.common.RESTErrorUtil.create403RESTException(RESTErrorUtil.java:103)
at org.apache.ranger.biz.GdsDBStore.getDatasetPolicies(GdsDBStore.java:450)
at
org.apache.ranger.biz.GdsDBStore.getPrincipalCountForDataset(GdsDBStore.java:1332)
at org.apache.ranger.biz.GdsDBStore.toDatasetSummary(GdsDBStore.java:1256)
at org.apache.ranger.biz.GdsDBStore.getDatasetSummary(GdsDBStore.java:156)
at org.apache.ranger.rest.GdsREST.getDatasetSummary(GdsREST.java:308)
at
org.apache.ranger.rest.GdsREST$$FastClassBySpringCGLIB$$5397f2f3.invoke()
{code}
was:
When a dataset is created for a user with VIEW permission, and GET
datasetSummary API is called, 403 is thrown, since a user is allowed to get
dataset policies, only if the user has AUDIT or higher permissions. Steps to
reproduce:
# Created a dataset as below:
{
"id": 7,
"guid": "8469cfcb-dc45-4481-a754-f4abe6c298ef",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696947157966,
"updateTime": 1696947157967,
"version": 1,
"description": "This is GDS description",
"options": {},
"additionalInfo": {},
"name": "DS7",
"acl": {
"users": {
"joe": "VIEW",
"admin": "ADMIN"
}
},
"termsOfUse": "Gds Terms of Use"
}
2. When the GET datasetSummary API is called
[http://localhost:6080/service/gds/dataset/summary], 403 is thrown.
> Dataset summary API throws 403
> --
>
> Key: RANGER-4469
> URL: https://issues.apache.org/jira/browse/RANGER-4469
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> When a dataset is created for a user with VIEW permission, and GET
> datasetSummary API is called, 403 is thrown, since a user is allowed to get
> dataset policies, only if the user has AUDIT or higher permissions. Steps to
> reproduce:
> # Created a dataset as below:
>
> {code:java}
> {
> "id": 7,
> "guid": "8469cfcb-dc45-4481-a754-f4abe6c298ef",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1696947157966,
> "updateTime": 1696947157967,
> "version": 1,
> "description": "This is GDS description",
> "options": {},
> "additionalInfo": {},
> "name": "DS7",
> "acl": {
> "users":
> { "joe": "VIEW", "admin": "ADMIN" }
> },
> "termsOfUse": "Gds Terms of Use"
> }
> {code}
>
> 2. When the GET datasetSummary API is called
> [http://localhost:6080/service/gds/dataset/summary], 403 is thrown.
>
> {code:java}
>
> 2023-10-10 14:43:33,975 [http-nio-6080-exec-3] ERROR [RESTErrorUtil.java:126]
> Access restricted. loginId=joe, logMessage=User is not authorized to view
> policies for this dataset, requestInfo=RequestContext
> [ipAddress=0:0:0:0:0:0:0:1, userAgent=PostmanRuntime/7.33.0,
> requestURL=/service/gds/dataset/summary, deviceType=1,
> serverRequestId=ceeea979-7d6b-4716-a9e7-e91d031cf70e, isSync=true,
> startTime=1696949013819], timeTaken=156
> javax.ws.rs.WebApplicationException: null
> at
> org.apache.ranger.common.RESTErrorUtil.create403RESTException(RESTErrorUtil.java:103)
>
[jira] [Created] (RANGER-4469) Dataset summary API throws 403
Subhrat Chaudhary created RANGER-4469:
-
Summary: Dataset summary API throws 403
Key: RANGER-4469
URL: https://issues.apache.org/jira/browse/RANGER-4469
Project: Ranger
Issue Type: Sub-task
Components: admin
Reporter: Subhrat Chaudhary
Assignee: Subhrat Chaudhary
When a dataset is created for a user with VIEW permission, and GET
datasetSummary API is called, 403 is thrown, since a user is allowed to get
dataset policies, only if the user has AUDIT or higher permissions. Steps to
reproduce:
# Created a dataset as below:
{
"id": 7,
"guid": "8469cfcb-dc45-4481-a754-f4abe6c298ef",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696947157966,
"updateTime": 1696947157967,
"version": 1,
"description": "This is GDS description",
"options": {},
"additionalInfo": {},
"name": "DS7",
"acl": {
"users": {
"joe": "VIEW",
"admin": "ADMIN"
}
},
"termsOfUse": "Gds Terms of Use"
}
2. When the GET datasetSummary API is called
[http://localhost:6080/service/gds/dataset/summary], 403 is thrown.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (RANGER-4431) Need additional filters for GET sharedResources API
[
https://issues.apache.org/jira/browse/RANGER-4431?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary resolved RANGER-4431.
---
Resolution: Duplicate
Duplicate of https://issues.apache.org/jira/browse/RANGER-4459
> Need additional filters for GET sharedResources API
> ---
>
> Key: RANGER-4431
> URL: https://issues.apache.org/jira/browse/RANGER-4431
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Priority: Major
>
> {color:#00}Need additional filters for GET sharedResources API -
> /gds/resource{color}
> {color:#00}Filter: sharedResourceName, resourceName - partial search
> {color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4466) Update approver when request status is updated
[ https://issues.apache.org/jira/browse/RANGER-4466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary reassigned RANGER-4466: - Assignee: Subhrat Chaudhary > Update approver when request status is updated > -- > > Key: RANGER-4466 > URL: https://issues.apache.org/jira/browse/RANGER-4466 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > When a request status is granted, accepted, denied the logged in user should > be updated as the approver. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4466) Update approver when request status is updated
Subhrat Chaudhary created RANGER-4466: - Summary: Update approver when request status is updated Key: RANGER-4466 URL: https://issues.apache.org/jira/browse/RANGER-4466 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary When a request status is granted, accepted, denied the logged in user should be updated as the approver. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4459) Need additional filter on GET sharedResource API
[ https://issues.apache.org/jira/browse/RANGER-4459?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary reassigned RANGER-4459: - Assignee: Subhrat Chaudhary > Need additional filter on GET sharedResource API > > > Key: RANGER-4459 > URL: https://issues.apache.org/jira/browse/RANGER-4459 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > We need an additional filter on GET sharedResource API, where we can pass > resourceValue in query-param, based on which partial search can be executed > and records can be filtered based on resource values in the sharedResources > e.g. partial search on db names, column names etc -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4464) Need a new API to get dataShare summary
[
https://issues.apache.org/jira/browse/RANGER-4464?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary reassigned RANGER-4464:
-
Assignee: Subhrat Chaudhary
> Need a new API to get dataShare summary
> ---
>
> Key: RANGER-4464
> URL: https://issues.apache.org/jira/browse/RANGER-4464
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> We need a new API to get dataShare summary, for the dataShare listing page.
> Please find the expected dataShare response format:
> {
> "isEnabled": true,
> "id": 1,
> "serviceId": 3,
> "serviceName": "Test-SharedResource",
> "serviceType": "hive",
> "zoneId": 3,
> "zoneName": "Gds_Security_Zone",
> "resourceCount": 4,
> "name": "RangerDataShare12",
> "description": "This is RangerDatashare",
> "datasets"[
> {
> "id": 1,
> "guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1695969001000,
> "updateTime": 1695969001000,
> "version": 1,
> "name": "Test_GDS_Dataset",
> "SharedStatus":"ACTIVE",
> "dshInDsId":1,
> }
> }
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4464) Need a new API to get dataShare summary
Subhrat Chaudhary created RANGER-4464:
-
Summary: Need a new API to get dataShare summary
Key: RANGER-4464
URL: https://issues.apache.org/jira/browse/RANGER-4464
Project: Ranger
Issue Type: Sub-task
Components: admin
Reporter: Subhrat Chaudhary
We need a new API to get dataShare summary, for the dataShare listing page.
Please find the expected dataShare response format:
{
"isEnabled": true,
"id": 1,
"serviceId": 3,
"serviceName": "Test-SharedResource",
"serviceType": "hive",
"zoneId": 3,
"zoneName": "Gds_Security_Zone",
"resourceCount": 4,
"name": "RangerDataShare12",
"description": "This is RangerDatashare",
"datasets"[
{
"id": 1,
"guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1695969001000,
"updateTime": 1695969001000,
"version": 1,
"name": "Test_GDS_Dataset",
"SharedStatus":"ACTIVE",
"dshInDsId":1,
}
}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Reopened] (RANGER-4446) Need an API to return dataset summary
[
https://issues.apache.org/jira/browse/RANGER-4446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary reopened RANGER-4446:
---
Reopening to add support for description in the dataset summary API response
model
> Need an API to return dataset summary
> -
>
> Key: RANGER-4446
> URL: https://issues.apache.org/jira/browse/RANGER-4446
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> In https://issues.apache.org/jira/browse/RANGER-4323 we added API to support
> DatasetHeaderInfo to return dataset details. We need additional details in
> the response:
> {code:java}
> {
> "startIndex": 0,
> "pageSize": 200,
> "totalCount": 1,
> "resultSize": 1,
> "sortType": "createTime",
> "sortBy": "desc",
> "queryTimeMS": 1695969636652,
> "list": [
> {
> "id": 1,
> "guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1695969001000,
> "updateTime": 1695969001000,
> "version": 1,
> "name": "Test_GDS_Dataset",
> "principalsCountByType": {
> "ROLE": 0,
> "USER": 1,
> "GROUP": 1
> },
> "permissionForCaller": "VIEW"
> "projectsCount": 1,
> "totalResourceCount": 4,
> "dataSharesCountByStatus": {
> "REQUESTED": 2,
> "GRANTED": 3,
> "ACTIVE": 1
> }
> "dataShares"[
> {
> "id": 1,
> "guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1695969001000,
> "updateTime": 1695969001000,
> "version": 1,
> "name": "dataShare1",
> "dshInDsId":1,
> "sharedStatus":"ACTIVE",
> "resourceCount": 4,
> "serviceId": 3,
> "serviceName": "Resource_policy_Performance_test_50K",
> "zoneId": 3,
> "zoneName": "Gds_Security_Zone",
> "approver": "admin"
> }
> ]
> }
> ],
> "listSize": 1
> } {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4463) PrincipalCount not getting updated in DatasetSummary
[ https://issues.apache.org/jira/browse/RANGER-4463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17772763#comment-17772763 ] Subhrat Chaudhary commented on RANGER-4463: --- Patch available for review - [https://reviews.apache.org/r/74648/] > PrincipalCount not getting updated in DatasetSummary > > > Key: RANGER-4463 > URL: https://issues.apache.org/jira/browse/RANGER-4463 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > With the changes in https://issues.apache.org/jira/browse/RANGER-4445, > dataset name is not getting added in the resources for the dataset policy. > The computation of DatasetSummary.principalsCount is based on getting > policies based on dataset name. The principalsCount is not getting updated in > DatasetSummary. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4463) PrincipalCount not getting updated in DatasetSummary
[ https://issues.apache.org/jira/browse/RANGER-4463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary reassigned RANGER-4463: - Assignee: Subhrat Chaudhary > PrincipalCount not getting updated in DatasetSummary > > > Key: RANGER-4463 > URL: https://issues.apache.org/jira/browse/RANGER-4463 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > With the changes in https://issues.apache.org/jira/browse/RANGER-4445, > dataset name is not getting added in the resources for the dataset policy. > The computation of DatasetSummary.principalsCount is based on getting > policies based on dataset name. The principalsCount is not getting updated in > DatasetSummary. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4463) PrincipalCount not getting updated in DatasetSummary
Subhrat Chaudhary created RANGER-4463: - Summary: PrincipalCount not getting updated in DatasetSummary Key: RANGER-4463 URL: https://issues.apache.org/jira/browse/RANGER-4463 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary With the changes in https://issues.apache.org/jira/browse/RANGER-4445, dataset name is not getting added in the resources for the dataset policy. The computation of DatasetSummary.principalsCount is based on getting policies based on dataset name. The principalsCount is not getting updated in DatasetSummary. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (RANGER-4447) Need a new API to get security-zone summary
[
https://issues.apache.org/jira/browse/RANGER-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary closed RANGER-4447.
-
> Need a new API to get security-zone summary
> ---
>
> Key: RANGER-4447
> URL: https://issues.apache.org/jira/browse/RANGER-4447
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> We need a new API to get security-zone summary, to show zone details on
> dashboard:
> {code:java}
> {
> "startIndex": 0,
> "pageSize": 2,
> "totalCount": 2,
> "resultSize": 2,
> "sortType": "desc",
> "sortBy": "createTime",
> "list": [
> {
> "id": 3,
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1695710459000,
> "updateTime": 1695710459000,
> "name": "Test-Zone-2",
> "Description": "This is DESCR",
> "totalResourceCount": 3,
> "adminusersCount": 1,
> "AdminGroupsCount": 1,
> "AdminRoles": 1,
> "AuditorUsersCount": 1,
> "AuditorGroupsCount": 1,
> "AuditorRoles": 1,
> "services": [
> {
> "id": 3,
> "name": "Resource_policy_Performance_test_gds",
> "type": "gds",
> "resourceCount": 2
> }
> ],
> "tagServices": [
> "tagService1",
> "tagService2"
> ]
> }
> ],
> "listSize": 2
> } {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4459) Need additional filter on GET sharedResource API
Subhrat Chaudhary created RANGER-4459: - Summary: Need additional filter on GET sharedResource API Key: RANGER-4459 URL: https://issues.apache.org/jira/browse/RANGER-4459 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary We need an additional filter on GET sharedResource API, where we can pass resourceValue in query-param, based on which partial search can be executed and records can be filtered based on resource values in the sharedResources e.g. partial search on db names, column names etc -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4457) Need a new API to get datasets for a resource name like db or column name
Subhrat Chaudhary created RANGER-4457: - Summary: Need a new API to get datasets for a resource name like db or column name Key: RANGER-4457 URL: https://issues.apache.org/jira/browse/RANGER-4457 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary Need a new API to get get datasets for a resource name like db or column name. This will be used, when we delete a resource, what all datasets will affected. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4455) Dataset with ACL for "public" group List permission are not listed if the user is not added to public
Subhrat Chaudhary created RANGER-4455: - Summary: Dataset with ACL for "public" group List permission are not listed if the user is not added to public Key: RANGER-4455 URL: https://issues.apache.org/jira/browse/RANGER-4455 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary Dataset with ACL for "public" group List permission are not listed, if the user is not added to public. In current ACL evaluation to get Dataset, public group is not considered. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (RANGER-4435) Support cascading delete for datashare
[ https://issues.apache.org/jira/browse/RANGER-4435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary closed RANGER-4435. - > Support cascading delete for datashare > -- > > Key: RANGER-4435 > URL: https://issues.apache.org/jira/browse/RANGER-4435 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > We need to support cascading delete for datashare and delete following also: > 1. delete related requests > 2. delete related sharedResources -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (RANGER-4426) Add field approver in dataset request entities
[ https://issues.apache.org/jira/browse/RANGER-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary closed RANGER-4426. - > Add field approver in dataset request entities > -- > > Key: RANGER-4426 > URL: https://issues.apache.org/jira/browse/RANGER-4426 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > To be able to record details of the approver of the requests i.e. request to > add datashare in dataset and request to add dataset in project. we need an > approver field in RangerDatashareInDataset and RangerDatasetInProject. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4447) Need a new API to get security-zone summary
[
https://issues.apache.org/jira/browse/RANGER-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary reassigned RANGER-4447:
-
Assignee: Subhrat Chaudhary
> Need a new API to get security-zone summary
> ---
>
> Key: RANGER-4447
> URL: https://issues.apache.org/jira/browse/RANGER-4447
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> We need a new API to get security-zone summary, to show zone details on
> dashboard:
> {code:java}
> {
> "startIndex": 0,
> "pageSize": 2,
> "totalCount": 2,
> "resultSize": 2,
> "sortType": "desc",
> "sortBy": "createTime",
> "list": [
> {
> "id": 3,
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1695710459000,
> "updateTime": 1695710459000,
> "name": "Test-Zone-2",
> "Description": "This is DESCR",
> "totalResourceCount": 3,
> "adminusersCount": 1,
> "AdminGroupsCount": 1,
> "AdminRoles": 1,
> "AuditorUsersCount": 1,
> "AuditorGroupsCount": 1,
> "AuditorRoles": 1,
> "services": [
> {
> "id": 3,
> "name": "Resource_policy_Performance_test_gds",
> "type": "gds",
> "resourceCount": 2
> }
> ],
> "tagServices": [
> "tagService1",
> "tagService2"
> ]
> }
> ],
> "listSize": 2
> } {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4448) Handle exceptions in created sharedResource
Subhrat Chaudhary created RANGER-4448:
-
Summary: Handle exceptions in created sharedResource
Key: RANGER-4448
URL: https://issues.apache.org/jira/browse/RANGER-4448
Project: Ranger
Issue Type: Sub-task
Components: admin
Reporter: Subhrat Chaudhary
On the POST API call /service/gds/resource with duplicate ID following error is
thrown:
{code:java}
{"statusCode": 1,"msgDesc": "Exception [EclipseLink-4002] (Eclipse
Persistence Services - 2.7.12.v20230209-e5c4074ef3):
org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
constraint \"x_gds_shared_resource_uk_resource_signature\"\n Detail: Key
(data_share_id, resource_signature)=(3,
c5bd97fc0b8eaeb302f7498693f509178a134534cf7eb46d9edd55de71f7ab6c) already
exists.\nError Code: 0\nCall: INSERT INTO x_gds_shared_resource (id,
access_types, ADDED_BY_ID, additional_info, condition_expr, CREATE_TIME,
data_share_id, description, guid, is_enabled, name, options, profiles,
resource, resource_signature, row_filter, sub_resource_masks,
sub_resource_names, UPDATE_TIME, UPD_BY_ID, version) VALUES (?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [21 parameters bound]"}
{code}
We need to catch such exception in create API calls and return proper response.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4447) Need a new API to get security-zone summary
Subhrat Chaudhary created RANGER-4447:
-
Summary: Need a new API to get security-zone summary
Key: RANGER-4447
URL: https://issues.apache.org/jira/browse/RANGER-4447
Project: Ranger
Issue Type: Sub-task
Components: admin
Reporter: Subhrat Chaudhary
We need a new API to get security-zone summary, to show zone details on
dashboard:
{code:java}
{
"startIndex": 0,
"pageSize": 2,
"totalCount": 2,
"resultSize": 2,
"sortType": "desc",
"sortBy": "createTime",
"list": [
{
"id": 3,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1695710459000,
"updateTime": 1695710459000,
"name": "Test-Zone-2",
"Description": "This is DESCR",
"totalResourceCount": 3,
"adminusersCount": 1,
"AdminGroupsCount": 1,
"AdminRoles": 1,
"AuditorUsersCount": 1,
"AuditorGroupsCount": 1,
"AuditorRoles": 1,
"services": [
{
"id": 3,
"name": "Resource_policy_Performance_test_gds",
"type": "gds",
"resourceCount": 2
}
],
"tagServices": [
"tagService1",
"tagService2"
]
}
],
"listSize": 2
} {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4446) Need an API to return dataset summary
[
https://issues.apache.org/jira/browse/RANGER-4446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4446:
--
Description:
In https://issues.apache.org/jira/browse/RANGER-4323 we added API to support
DatasetHeaderInfo to return dataset details. We need additional details in the
response:
{code:java}
{
"startIndex": 0,
"pageSize": 200,
"totalCount": 1,
"resultSize": 1,
"sortType": "createTime",
"sortBy": "desc",
"queryTimeMS": 1695969636652,
"list": [
{
"id": 1,
"guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1695969001000,
"updateTime": 1695969001000,
"version": 1,
"name": "Test_GDS_Dataset",
"principalsCountByType": {
"ROLE": 0,
"USER": 1,
"GROUP": 1
},
"permissionForCaller": "VIEW"
"projectsCount": 1,
"totalResourceCount": 4,
"dataSharesCountByStatus": {
"REQUESTED": 2,
"GRANTED": 3,
"ACTIVE": 1
}
"dataShares"[
{
"id": 1,
"guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1695969001000,
"updateTime": 1695969001000,
"version": 1,
"name": "dataShare1",
"dshInDsId":1,
"sharedStatus":"ACTIVE",
"resourceCount": 4,
"serviceId": 3,
"serviceName": "Resource_policy_Performance_test_50K",
"zoneId": 3,
"zoneName": "Gds_Security_Zone",
"approver": "admin"
}
]
}
],
"listSize": 1
} {code}
was:
In https://issues.apache.org/jira/browse/RANGER-4323 we added API to support
DatasetHeaderInfo to return dataset details. We need additional details in the
response:
{
"startIndex": 0,
"pageSize": 200,
"totalCount": 1,
"resultSize": 1,
"sortType": "createTime",
"sortBy": "desc",
"queryTimeMS": 1695969636652,
"list": [
{
"id": 1,
"guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1695969001000,
"updateTime": 1695969001000,
"version": 1,
"name": "Test_GDS_Dataset",
"principalsCountByType": {
"ROLE": 0,
"USER": 1,
"GROUP": 1
},
"projectsCount": 1,
"totalResourceCount": 4,
"dataShares"[
{
"id": 1,
"guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1695969001000,
"updateTime": 1695969001000,
"version": 1,
"name": "dataShare1",
"dshInDsId":1,
"SharedStatus":"ACTIVE",
"resourceCount": 4,
"serviceId": 3,
"serviceName": "Resource_policy_Performance_test_50K",
"zoneId": 3,
"zoneName": "Gds_Security_Zone",
"approver": "admin"
}
]
}
],
"listSize": 1
}
> Need an API to return dataset summary
> -
>
> Key: RANGER-4446
> URL: https://issues.apache.org/jira/browse/RANGER-4446
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> In https://issues.apache.org/jira/browse/RANGER-4323 we added API to support
> DatasetHeaderInfo to return dataset details. We need additional details in
> the response:
> {code:java}
> {
> "startIndex": 0,
> "pageSize": 200,
> "totalCount": 1,
> "resultSize": 1,
> "sortType": "createTime",
> "sortBy": "desc",
> "queryTimeMS": 1695969636652,
> "list": [
> {
> "id": 1,
> "guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1695969001000,
>
[jira] [Created] (RANGER-4446) Need an API to return dataset summary
Subhrat Chaudhary created RANGER-4446:
-
Summary: Need an API to return dataset summary
Key: RANGER-4446
URL: https://issues.apache.org/jira/browse/RANGER-4446
Project: Ranger
Issue Type: Sub-task
Components: admin
Reporter: Subhrat Chaudhary
Assignee: Subhrat Chaudhary
In https://issues.apache.org/jira/browse/RANGER-4323 we added API to support
DatasetHeaderInfo to return dataset details. We need additional details in the
response:
{
"startIndex": 0,
"pageSize": 200,
"totalCount": 1,
"resultSize": 1,
"sortType": "createTime",
"sortBy": "desc",
"queryTimeMS": 1695969636652,
"list": [
{
"id": 1,
"guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1695969001000,
"updateTime": 1695969001000,
"version": 1,
"name": "Test_GDS_Dataset",
"principalsCountByType": {
"ROLE": 0,
"USER": 1,
"GROUP": 1
},
"projectsCount": 1,
"totalResourceCount": 4,
"dataShares"[
{
"id": 1,
"guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1695969001000,
"updateTime": 1695969001000,
"version": 1,
"name": "dataShare1",
"dshInDsId":1,
"SharedStatus":"ACTIVE",
"resourceCount": 4,
"serviceId": 3,
"serviceName": "Resource_policy_Performance_test_50K",
"zoneId": 3,
"zoneName": "Gds_Security_Zone",
"approver": "admin"
}
]
}
],
"listSize": 1
}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4435) Support cascading delete for datashare
[ https://issues.apache.org/jira/browse/RANGER-4435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary reassigned RANGER-4435: - Assignee: Subhrat Chaudhary > Support cascading delete for datashare > -- > > Key: RANGER-4435 > URL: https://issues.apache.org/jira/browse/RANGER-4435 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > We need to support cascading delete for datashare and delete following also: > 1. delete related requests > 2. delete related sharedResources -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4444) When security-zone is deleted with force, trigger cascade delete of datashare
Subhrat Chaudhary created RANGER-: - Summary: When security-zone is deleted with force, trigger cascade delete of datashare Key: RANGER- URL: https://issues.apache.org/jira/browse/RANGER- Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary When security-zone is deleted with force, trigger cascade delete of datashare also. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4442) Add loggedIn user as the admin in dataset/datshare ACL
[ https://issues.apache.org/jira/browse/RANGER-4442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary reassigned RANGER-4442: - Assignee: Prashant Satam (was: Subhrat Chaudhary) > Add loggedIn user as the admin in dataset/datshare ACL > -- > > Key: RANGER-4442 > URL: https://issues.apache.org/jira/browse/RANGER-4442 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Prashant Satam >Priority: Major > > Whenever as dataset/datashare is created, current logged in user should be > added as the admin in ACL -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4443) Implement request state transition evaluation for DataShareinDataset and DatasetInProject
[ https://issues.apache.org/jira/browse/RANGER-4443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4443: -- Description: When a request is updated (DataShareinDataset and DatasetInProject), we need to do following evaluations: * Only the users allowed to updated approve/accept/activate based on ACL. * State transition should be valid e.g. request status cannot be changed from REQUESTED to ACTIVE directly. * When a request is created, if the user is admin (i.e. resource owner - datashare admin in case of DataShareinDataset and dataset admin case of DatasetInProject), permitted states should be REQUESTED/GRANTED. * When a request is created, if the user is admin on both end (i.e. datahare and dataset admin in case of DatashareInDataset), permitted state should all i.e. REQUESTED, GRANTED, ACTIVE was: When a request is updated (DataShareinDataset and DatasetInProject), we need to do following evaluations: * Only the users allowed to updated approve/accept/activate based on ACL. * State transition should be valid e.g. request status cannot be changed from REQUESTED to ACTIVE directly. > Implement request state transition evaluation for DataShareinDataset and > DatasetInProject > - > > Key: RANGER-4443 > URL: https://issues.apache.org/jira/browse/RANGER-4443 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > When a request is updated (DataShareinDataset and DatasetInProject), we need > to do following evaluations: > * Only the users allowed to updated approve/accept/activate based on ACL. > * State transition should be valid e.g. request status cannot be changed > from REQUESTED to ACTIVE directly. > * When a request is created, if the user is admin (i.e. resource owner - > datashare admin in case of DataShareinDataset and dataset admin case of > DatasetInProject), permitted states should be REQUESTED/GRANTED. > * When a request is created, if the user is admin on both end (i.e. datahare > and dataset admin in case of DatashareInDataset), permitted state should all > i.e. REQUESTED, GRANTED, ACTIVE -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4443) Implement request state transition evaluation for DataShareinDataset and DatasetInProject
Subhrat Chaudhary created RANGER-4443: - Summary: Implement request state transition evaluation for DataShareinDataset and DatasetInProject Key: RANGER-4443 URL: https://issues.apache.org/jira/browse/RANGER-4443 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary When a request is updated (DataShareinDataset and DatasetInProject), we need to do following evaluations: * Only the users allowed to updated approve/accept/activate based on ACL. * State transition should be valid e.g. request status cannot be changed from REQUESTED to ACTIVE directly. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4442) Add loggedIn user as the admin in dataset/datshare ACL
Subhrat Chaudhary created RANGER-4442: - Summary: Add loggedIn user as the admin in dataset/datshare ACL Key: RANGER-4442 URL: https://issues.apache.org/jira/browse/RANGER-4442 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary Assignee: Subhrat Chaudhary Whenever as dataset/datashare is created, current logged in user should be added as the admin in ACL -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (RANGER-4323) GDS: Need new api to get details of dataset listing page.
[ https://issues.apache.org/jira/browse/RANGER-4323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary closed RANGER-4323. - > GDS: Need new api to get details of dataset listing page. > - > > Key: RANGER-4323 > URL: https://issues.apache.org/jira/browse/RANGER-4323 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Anand Nadar >Assignee: Subhrat Chaudhary >Priority: Major > > Need an api which gives the below details: > * dataset id > * dataset name > * created time > * updated time > * count of datashares active and pending in dataset > * count of users/groups/roles/projects with whom dataset is shared. > This api should filter out the list of datasets according to the permission > available for the logged in user. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (RANGER-4439) Duplicate resource IDs are create while updating security zone
[ https://issues.apache.org/jira/browse/RANGER-4439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary closed RANGER-4439. - > Duplicate resource IDs are create while updating security zone > -- > > Key: RANGER-4439 > URL: https://issues.apache.org/jira/browse/RANGER-4439 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > In https://issues.apache.org/jira/browse/RANGER-4398 we added support for > additional resource details with RangerSecurityZoneResourceBase. When > resource are added to a security-zone, id started from 1, instead of using id > of the last resourceBaseInfo from SecurityZone request -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4439) Duplicate resource IDs are create while updating security zone
[ https://issues.apache.org/jira/browse/RANGER-4439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17769629#comment-17769629 ] Subhrat Chaudhary commented on RANGER-4439: --- Review request available - [https://reviews.apache.org/r/74626/] > Duplicate resource IDs are create while updating security zone > -- > > Key: RANGER-4439 > URL: https://issues.apache.org/jira/browse/RANGER-4439 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > In https://issues.apache.org/jira/browse/RANGER-4398 we added support for > additional resource details with RangerSecurityZoneResourceBase. When > resource are added to a security-zone, id started from 1, instead of using id > of the last resourceBaseInfo from SecurityZone request -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4439) Duplicate resource IDs are create while updating security zone
Subhrat Chaudhary created RANGER-4439: - Summary: Duplicate resource IDs are create while updating security zone Key: RANGER-4439 URL: https://issues.apache.org/jira/browse/RANGER-4439 Project: Ranger Issue Type: Bug Components: admin Reporter: Subhrat Chaudhary Assignee: Subhrat Chaudhary In https://issues.apache.org/jira/browse/RANGER-4398 we added support for additional resource details with RangerSecurityZoneResourceBase. When resource are added to a security-zone, id started from 1, instead of using id of the last resourceBaseInfo from SecurityZone request -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4437) incorrect error log from ResourceMatcher.isMatch()
[
https://issues.apache.org/jira/browse/RANGER-4437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17769517#comment-17769517
]
Subhrat Chaudhary commented on RANGER-4437:
---
+1 to add the fix
> incorrect error log from ResourceMatcher.isMatch()
> --
>
> Key: RANGER-4437
> URL: https://issues.apache.org/jira/browse/RANGER-4437
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 3.0.0
>Reporter: Madhan Neethiraj
>Assignee: Madhan Neethiraj
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: RANGER-4437.patch
>
>
> {{ResourceMatcher.isMatch(matchType, matchingScope)}} generates following
> error log when matchType is {{{}NONE{}}}.
> {noformat}
> org.apache.ranger.plugin.resourcematcher.ResourceMatcher:166 - invalid
> ResourceElementMatchType: {NONE}
> {noformat}
> NONE is a valid value for parameter matchType, hence this error log is
> incorrect.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4436) Support cascading delete for dataset
Subhrat Chaudhary created RANGER-4436: - Summary: Support cascading delete for dataset Key: RANGER-4436 URL: https://issues.apache.org/jira/browse/RANGER-4436 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary We need to support cascading delete for dataset and delete following: 1. delete related requests (dataShareInDataset, datasetinProject) 2. delete default policy -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4435) Support cascading delete for datashare
Subhrat Chaudhary created RANGER-4435: - Summary: Support cascading delete for datashare Key: RANGER-4435 URL: https://issues.apache.org/jira/browse/RANGER-4435 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary We need to support cascading delete for datashare and delete following also: 1. delete related requests 2. delete related sharedResources -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4434) Need a new API to get list of requests for the current user
[ https://issues.apache.org/jira/browse/RANGER-4434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4434: -- Description: Need a new API to get list of requests for the current user for the My Requests page (was: Need a new API to get list of requests for the current user for the My Requests >> Request Details page) > Need a new API to get list of requests for the current user > --- > > Key: RANGER-4434 > URL: https://issues.apache.org/jira/browse/RANGER-4434 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > Need a new API to get list of requests for the current user for the My > Requests page -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4434) Need a new API to get list of requests for the current user
Subhrat Chaudhary created RANGER-4434: - Summary: Need a new API to get list of requests for the current user Key: RANGER-4434 URL: https://issues.apache.org/jira/browse/RANGER-4434 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary Need a new API to get list of requests for the current user for the My Requests >> Request Details page -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4433) Implement ACL for get API for datashare by id
Subhrat Chaudhary created RANGER-4433:
-
Summary: Implement ACL for get API for datashare by id
Key: RANGER-4433
URL: https://issues.apache.org/jira/browse/RANGER-4433
Project: Ranger
Issue Type: Sub-task
Components: admin
Reporter: Subhrat Chaudhary
We need to implement ACL evaluation for the GET API /datashare/\{id} for the
page Datashares >> Datashare Details
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4432) Need a new API for security-zone lookup
Subhrat Chaudhary created RANGER-4432: - Summary: Need a new API for security-zone lookup Key: RANGER-4432 URL: https://issues.apache.org/jira/browse/RANGER-4432 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary We need to new API to run lookup on security-zones, with support for serviceName as query-param -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4426) Add field approver in dataset request entities
[ https://issues.apache.org/jira/browse/RANGER-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary reassigned RANGER-4426: - Assignee: Subhrat Chaudhary > Add field approver in dataset request entities > -- > > Key: RANGER-4426 > URL: https://issues.apache.org/jira/browse/RANGER-4426 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > To be able to record details of the approver of the requests i.e. request to > add datashare in dataset and request to add dataset in project. we need an > approver field in RangerDatashareInDataset and RangerDatasetInProject. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4431) Need additional filters for GET sharedResources API
[
https://issues.apache.org/jira/browse/RANGER-4431?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4431:
--
Description:
{color:#00}Need additional filters for GET sharedResources API -
/gds/resource{color}
{color:#00}Filter: sharedResourceName, resourceName - partial search
{color}
was:
{color:#00}Need additional filters for GET sharedResources API -
/gds/resource
{color}
{color:#00}Filter: sharedResourceName - partial search, resourceName
{color}
> Need additional filters for GET sharedResources API
> ---
>
> Key: RANGER-4431
> URL: https://issues.apache.org/jira/browse/RANGER-4431
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Priority: Major
>
> {color:#00}Need additional filters for GET sharedResources API -
> /gds/resource{color}
> {color:#00}Filter: sharedResourceName, resourceName - partial search
> {color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4431) Need additional filters for GET sharedResources API
Subhrat Chaudhary created RANGER-4431:
-
Summary: Need additional filters for GET sharedResources API
Key: RANGER-4431
URL: https://issues.apache.org/jira/browse/RANGER-4431
Project: Ranger
Issue Type: Sub-task
Components: admin
Reporter: Subhrat Chaudhary
{color:#00}Need additional filters for GET sharedResources API -
/gds/resource
{color}
{color:#00}Filter: sharedResourceName - partial search, resourceName
{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4430) Create datshare and sharedResource in cascade
Subhrat Chaudhary created RANGER-4430: - Summary: Create datshare and sharedResource in cascade Key: RANGER-4430 URL: https://issues.apache.org/jira/browse/RANGER-4430 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary Currently we have separate APIs to create Datashare and SharedResource. We need a single API to receive custom object with datashare and mapped sharedResources. We need to first create datashare and created sharedResources with id of the newly created datashare. This has to be done in a transaction. Created datashare will have ACL with ADMIN permission for the creating user. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4428) Need a new API to get list of zones mapped to a service
[
https://issues.apache.org/jira/browse/RANGER-4428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4428:
--
Description:
Need a new API to get list of zones mapped to a service for the Create
Datashare >> Step 2 > Select Service >> Select Zone
Request: serviceId will received in params
Response: {color:#00}Map{color}
was:
Need a new API to get list of services mapped to a zone for the Create
Datashare >> Step 2 > Select Security Zone >> Select Service
Request: zoneId will received in params
Response: {color:#00}Map{color}
{color:#00}If no zone-id/name is specified should get all the service with
atlease one zone (zoneless service should not be returned){color}
> Need a new API to get list of zones mapped to a service
> ---
>
> Key: RANGER-4428
> URL: https://issues.apache.org/jira/browse/RANGER-4428
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Priority: Major
>
> Need a new API to get list of zones mapped to a service for the Create
> Datashare >> Step 2 > Select Service >> Select Zone
> Request: serviceId will received in params
> Response: {color:#00}Map{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4428) Need a new API to get list of zones mapped to a service
[
https://issues.apache.org/jira/browse/RANGER-4428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4428:
--
Summary: Need a new API to get list of zones mapped to a service (was:
Need a new API to get list of services mapped to a zone)
> Need a new API to get list of zones mapped to a service
> ---
>
> Key: RANGER-4428
> URL: https://issues.apache.org/jira/browse/RANGER-4428
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Priority: Major
>
> Need a new API to get list of services mapped to a zone for the Create
> Datashare >> Step 2 > Select Security Zone >> Select Service
> Request: zoneId will received in params
> Response: {color:#00}Map{color}
> {color:#00}If no zone-id/name is specified should get all the service
> with atlease one zone (zoneless service should not be returned){color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4428) Need a new API to get list of services mapped to a zone
Subhrat Chaudhary created RANGER-4428:
-
Summary: Need a new API to get list of services mapped to a zone
Key: RANGER-4428
URL: https://issues.apache.org/jira/browse/RANGER-4428
Project: Ranger
Issue Type: Sub-task
Components: admin
Reporter: Subhrat Chaudhary
Need a new API to get list of services mapped to a zone for the Create
Datashare >> Step 2 > Select Security Zone >> Select Service
Request: zoneId will received in params
Response: {color:#00}Map{color}
{color:#00}If no zone-id/name is specified should get all the service with
atlease one zone (zoneless service should not be returned){color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4427) Need a new API to get list of datasets for a datashare with request status
Subhrat Chaudhary created RANGER-4427: - Summary: Need a new API to get list of datasets for a datashare with request status Key: RANGER-4427 URL: https://issues.apache.org/jira/browse/RANGER-4427 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary We need a new API to get list of datasets for a datashare with request status -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4425) Need a new API to get history of operations on dataset/datashare requests
[ https://issues.apache.org/jira/browse/RANGER-4425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4425: -- Description: Need a new API to get history of Need a new API to get history of operations on dataset/datashare requests, for the history tab in Dataset/Datashare details page. (was: Need a new API to get history of CRUD operations on dataset, for the history tab in Dataset details page.) > Need a new API to get history of operations on dataset/datashare requests > - > > Key: RANGER-4425 > URL: https://issues.apache.org/jira/browse/RANGER-4425 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > Need a new API to get history of Need a new API to get history of operations > on dataset/datashare requests, for the history tab in Dataset/Datashare > details page. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4425) Need a new API to get history of operations on dataset/datashare requests
[ https://issues.apache.org/jira/browse/RANGER-4425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4425: -- Summary: Need a new API to get history of operations on dataset/datashare requests (was: Need a new API to get history of CRUD operations on dataset) > Need a new API to get history of operations on dataset/datashare requests > - > > Key: RANGER-4425 > URL: https://issues.apache.org/jira/browse/RANGER-4425 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > Need a new API to get history of CRUD operations on dataset, for the history > tab in Dataset details page. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4426) Add field approver in dataset request entities
[ https://issues.apache.org/jira/browse/RANGER-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary updated RANGER-4426: -- Summary: Add field approver in dataset request entities (was: Add field approved in dataset request entities) > Add field approver in dataset request entities > -- > > Key: RANGER-4426 > URL: https://issues.apache.org/jira/browse/RANGER-4426 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Reporter: Subhrat Chaudhary >Priority: Major > > To be able to record details of the approver of the requests i.e. request to > add datashare in dataset and request to add dataset in project. we need an > approver field in RangerDatashareInDataset and RangerDatasetInProject. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4426) Add field approved in dataset request entities
Subhrat Chaudhary created RANGER-4426: - Summary: Add field approved in dataset request entities Key: RANGER-4426 URL: https://issues.apache.org/jira/browse/RANGER-4426 Project: Ranger Issue Type: Sub-task Components: Ranger Reporter: Subhrat Chaudhary To be able to record details of the approver of the requests i.e. request to add datashare in dataset and request to add dataset in project. we need an approver field in RangerDatashareInDataset and RangerDatasetInProject. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4425) Need a new API to get history of CRUD operations on dataset
Subhrat Chaudhary created RANGER-4425: - Summary: Need a new API to get history of CRUD operations on dataset Key: RANGER-4425 URL: https://issues.apache.org/jira/browse/RANGER-4425 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary Need a new API to get history of CRUD operations on dataset, for the history tab in Dataset details page. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (RANGER-4423) Add support for filter by service and zone name in get datashare API
[ https://issues.apache.org/jira/browse/RANGER-4423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary closed RANGER-4423. - > Add support for filter by service and zone name in get datashare API > > > Key: RANGER-4423 > URL: https://issues.apache.org/jira/browse/RANGER-4423 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > In the GET Datashare API, we need to add support for additional search > filters for zoneName and serviceName, for datashare listing . -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4423) Add support for filter by service and zone name in get datashare API
[ https://issues.apache.org/jira/browse/RANGER-4423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary resolved RANGER-4423. --- Resolution: Duplicate Duplicate of https://issues.apache.org/jira/browse/RANGER-4410 > Add support for filter by service and zone name in get datashare API > > > Key: RANGER-4423 > URL: https://issues.apache.org/jira/browse/RANGER-4423 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > In the GET Datashare API, we need to add support for additional search > filters for zoneName and serviceName, for datashare listing . -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4416) Need a new API to get datashares to be dispalyed on pop up for Add Request
[
https://issues.apache.org/jira/browse/RANGER-4416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary resolved RANGER-4416.
---
Resolution: Duplicate
Duplicate of https://issues.apache.org/jira/browse/RANGER-4397
> Need a new API to get datashares to be dispalyed on pop up for Add Request
> --
>
> Key: RANGER-4416
> URL: https://issues.apache.org/jira/browse/RANGER-4416
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Priority: Major
>
> In Dataset Details >> DataShare >> Request Datashares >> We need to display
> all the datashares with LIST access (based on ACL) for the Dataset admin.
>
> {color:#00}We need to exclude existing one for which request is in
> GRANTED, ACTIVE, REQUESTED states. Response: id, Name, Descrption Filter:
> partial search on datashare name{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4423) Add support for filter by service and zone name in get datashare API
[ https://issues.apache.org/jira/browse/RANGER-4423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary reassigned RANGER-4423: - Assignee: Subhrat Chaudhary > Add support for filter by service and zone name in get datashare API > > > Key: RANGER-4423 > URL: https://issues.apache.org/jira/browse/RANGER-4423 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > In the GET Datashare API, we need to add support for additional search > filters for zoneName and serviceName, for datashare listing . -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4423) Add support for filter by service and zone name in get datashare API
Subhrat Chaudhary created RANGER-4423: - Summary: Add support for filter by service and zone name in get datashare API Key: RANGER-4423 URL: https://issues.apache.org/jira/browse/RANGER-4423 Project: Ranger Issue Type: Sub-task Components: admin Reporter: Subhrat Chaudhary In the GET Datashare API, we need to add support for additional search filters for zoneName and serviceName, for datashare listing . -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4415) Need a new API to create multiple datashare requests for a dataset
[ https://issues.apache.org/jira/browse/RANGER-4415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary reassigned RANGER-4415: - Assignee: Subhrat Chaudhary > Need a new API to create multiple datashare requests for a dataset > -- > > Key: RANGER-4415 > URL: https://issues.apache.org/jira/browse/RANGER-4415 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > In Dataset details page - Add datashare - user can select multiple datasets > and send request to dataset owner. We need a new POST API that can accept > request for multiple datashares. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (RANGER-4414) Creation of RLF policy without filter condition is allowed
[ https://issues.apache.org/jira/browse/RANGER-4414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary closed RANGER-4414. - > Creation of RLF policy without filter condition is allowed > -- > > Key: RANGER-4414 > URL: https://issues.apache.org/jira/browse/RANGER-4414 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Subhrat Chaudhary >Priority: Major > > A Row Level filter policy without filter condition is allowed to be created > in Ranger UI and backend. We should block this, since RLF policy without > filter condition can't be used and can lead to error if not handled in plugin > end. -- This message was sent by Atlassian Jira (v8.20.10#820010)
