I don't know how to trace this, but from inspecting the code the error is
probably coming from here:
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
List<XXResourceDef> xxResourceDefs =
xxResDefDao.findByServiceDefId(createdSvcDef.getId());
for(RangerResourceDef resource : dataMaskResources) {
if(! isResourceInList(resource.getName(), xxResourceDefs)) {
throw restErrorUtil.createRESTException("resource with name: "
+ resource.getName() + " does not exists",
MessageEnums.DATA_NOT_FOUND);
}
}
The way it is written, I think all top level resources are going to appear in
access policies. Column mask and row filter policies can use a subset of the
top level resources, but are not able to define a resource which does not
appear in the access policies.
Please let me know if this is accurate, and if there is a way to work around it.
________________________________
From: Don Bosco Durai <bo...@apache.org>
Sent: June 26, 2018 10:22 PM
To: user@ranger.apache.org
Subject: Re: Can the resource 'column' only exist in the masking policies?
I looked in to the Hive Service Defination and it seems we have different set
of resource type definitions for Access Policy and Masking. So ideally,
whatever you are doing is supported by the Service Definition. It might be that
your scenario might not have been tested.
Best way would be for you to just trace the code and see where you are getting
the error.
Madhan or Ramesh who are more familiar with the code might have more insights.
Bosco
From: Eric Alton <sultanapea...@hotmail.com>
Reply-To: <user@ranger.apache.org>
Date: Tuesday, June 26, 2018 at 7:18 PM
To: "user@ranger.apache.org" <user@ranger.apache.org>
Subject: Re: Can the resource 'column' only exist in the masking policies?
I'm looking to add column masking to a custom plugin (Big SQL), and we do not
have column level access policies.
________________________________
From: Don Bosco Durai <bo...@apache.org>
Sent: June 26, 2018 5:27 PM
To: user@ranger.apache.org
Subject: Re: Can the resource 'column' only exist in the masking policies?
Are you using out of the box Hive Ranger Plugin? Or is it a custom Ranger
plugin?
Bosco
From: Eric Alton <sultanapea...@hotmail.com>
Reply-To: <user@ranger.apache.org>
Date: Tuesday, June 26, 2018 at 2:14 PM
To: "user@ranger.apache.org" <user@ranger.apache.org>
Subject: Can the resource 'column' only exist in the masking policies?
Our Ranger plugin does not support column level access policies, but we want to
support column masking. I've been playing around with the servicedef file, and
can not get column to only appear in the masking policies. Is there a way to do
this?
(top level) resources: schema is a parent of table
dataMaskDef->resources: schema is a parent of table. table is a parent of
column.
The error I get when only listing column under dataMaskDef->resources is:
{"statusCode":1,"msgDesc":"resource with name: column does not
exists","messageList":[{"name":"DATA_NOT_FOUND","rbKey":"xa.error.data_not_found","message":"Data
not found"}]}
