ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anuja Leekha (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-2066) Error in logging audit for Hbase Tag flow
Date Wed, 11 Apr 2018 21:07:00 GMT
Anuja Leekha created RANGER-2066:
------------------------------------

             Summary: Error in logging audit for Hbase Tag flow
                 Key: RANGER-2066
                 URL: https://issues.apache.org/jira/browse/RANGER-2066
             Project: Ranger
          Issue Type: Bug
          Components: Ranger
    Affects Versions: 1.0.0, master
            Reporter: Anuja Leekha
             Fix For: master, 1.1.0


ERROR SCENARIO:

Table emp has 2 col-families: personal_data(name,SSN,age) ; prof_data(role, manager)
Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
Rsrc policy allows R on *,*,* 
Tag policy allows R on OFFICIAL tag (emp/prof_data/role).

'scan emp' audit shows 2 rows:
1. Resource: emp/personal_data
Name / Type: column-family
Allowed
Policy allowing: Access based policy [Tag column shows PII]

2. Resource: emp/prof_data
Name / Type: column-family
Allowed
Policy allowing: TAG based policy{color:#d04437} -> How can column level tag based policy
authorize whole of column family?{color}
TAG: OFFICIAL

This gives the impression that whole of personal_data column-family is tagged with the OFFICIAL
tag.

Solution: Audit should be generated column wise so that each column can show the correct policy
id authorizing it.

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message