subject:"Review Request 74143\: RANGER\-3912\:Ranger Policy report for a give user should fetch policies maintained for roles belonging to that user"

Re: Review Request 74143: RANGER-3912:Ranger Policy report for a give user should fetch policies maintained for roles belonging to that user

2022-10-03 Thread Ramesh Mani



> On Sept. 30, 2022, 7:22 p.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
> > Lines 4950 (patched)
> > 
> >
> > Why is the "group" parameter removed from searchFilter here, especially 
> > with line 4986? Please review.

searchFilter which are set in the previous call is reset to current filter 
which is based on "roles"and that is the reason we remove "group" parameter.


> On Sept. 30, 2022, 7:22 p.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
> > Lines 6241 (patched)
> > 
> >
> > There is a recursive call here. If the depth of the role hierarchy is 
> > too deep, this may cause stack overflow. Please review to see if that is 
> > possible.

This recursive call is need to fetch the roles belonging to role and its 
childs. Haven't seen maintaing role tree that deep to get into overflow issue. 
Looping issue is already handled in the method


> On Sept. 30, 2022, 7:22 p.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java
> > Lines 57 (patched)
> > 
> >
> > Does this function's return list include the groupName that is passed 
> > in as argument? Is the caller expecting that? Please review.

No caller is not expected to return the groupName that is passed in the 
argument.


> On Sept. 30, 2022, 7:22 p.m., Abhay Kulkarni wrote:
> > security-admin/src/main/resources/META-INF/jpa_named_queries.xml
> > Lines 293 (patched)
> > 
> >
> > This query returns only parent group of the argument groupName. Is it 
> > expected to find more distant ancestors too? Please review.

It is not expected to find more distant ancestors. Ranger don't maintain group 
to group mapping. Users belonging to groups and policies maintained for those 
groups are already handled.


- Ramesh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74143/#review224725
---


On Sept. 27, 2022, 7:37 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74143/
> ---
> 
> (Updated Sept. 27, 2022, 7:37 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3912
> https://issues.apache.org/jira/browse/RANGER-3912
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-3912:Ranger Policy report for a give user should fetch policies 
> maintained for roles belonging to that user
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 913633600 
>   security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java 
> 21948b108 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java 35d718858 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 
> 
> 
> Diff: https://reviews.apache.org/r/74143/diff/1/
> 
> 
> Testing
> ---
> 
> Verified in local vm  API to fetch policies for give user / group / role and 
> also via Ranger UI
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

Re: Review Request 74143: RANGER-3912:Ranger Policy report for a give user should fetch policies maintained for roles belonging to that user

2022-09-30 Thread Abhay Kulkarni


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74143/#review224725
---




security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 4950 (patched)


Why is the "group" parameter removed from searchFilter here, especially 
with line 4986? Please review.



security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 4989 (patched)


Should the groupName be added to the groupNames set as well? Please review.



security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 6241 (patched)


There is a recursive call here. If the depth of the role hierarchy is too 
deep, this may cause stack overflow. Please review to see if that is possible.



security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java
Lines 57 (patched)


Does this function's return list include the groupName that is passed in as 
argument? Is the caller expecting that? Please review.



security-admin/src/main/resources/META-INF/jpa_named_queries.xml
Lines 293 (patched)


This query returns only parent group of the argument groupName. Is it 
expected to find more distant ancestors too? Please review.


- Abhay Kulkarni


On Sept. 27, 2022, 7:37 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74143/
> ---
> 
> (Updated Sept. 27, 2022, 7:37 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3912
> https://issues.apache.org/jira/browse/RANGER-3912
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-3912:Ranger Policy report for a give user should fetch policies 
> maintained for roles belonging to that user
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 913633600 
>   security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java 
> 21948b108 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java 35d718858 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 
> 
> 
> Diff: https://reviews.apache.org/r/74143/diff/1/
> 
> 
> Testing
> ---
> 
> Verified in local vm  API to fetch policies for give user / group / role and 
> also via Ranger UI
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

Review Request 74143: RANGER-3912:Ranger Policy report for a give user should fetch policies maintained for roles belonging to that user

2022-09-27 Thread Ramesh Mani


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74143/
---

Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
Pradeep Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-3912
https://issues.apache.org/jira/browse/RANGER-3912


Repository: ranger


Description
---

RANGER-3912:Ranger Policy report for a give user should fetch policies 
maintained for roles belonging to that user


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
913633600 
  security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java 
21948b108 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java 35d718858 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml e4a2354b0 


Diff: https://reviews.apache.org/r/74143/diff/1/


Testing
---

Verified in local vm  API to fetch policies for give user / group / role and 
also via Ranger UI


Thanks,

Ramesh Mani

Re: Review Request 74143: RANGER-3912:Ranger Policy report for a give user should fetch policies maintained for roles belonging to that user

Re: Review Request 74143: RANGER-3912:Ranger Policy report for a give user should fetch policies maintained for roles belonging to that user

Review Request 74143: RANGER-3912:Ranger Policy report for a give user should fetch policies maintained for roles belonging to that user

3 matches

Site Navigation

Mail list logo

Footer information