ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 67770: RANGER-2143: updated Atlas authorizer with addtion of scrubSearchResults() method
Date Fri, 29 Jun 2018 07:26:57 GMT


> On June 28, 2018, 9:16 p.m., Ramesh Mani wrote:
> > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
> > Lines 295 (patched)
> > <https://reviews.apache.org/r/67770/diff/1/?file=2046812#file2046812line363>
> >
> >     If I have a classification on a entity,and have policy for that classification,
then ranger allowed to access which is fine. But other entities which don't have classifications
has to have "_Not_Classified" policy in ranger in order to access, which make it that we need
to have "
> >     _NOT_Classified" for all the resources which need access or we need to have
"*" policy for the classification.
> >     Is this the intended way?  I thought that entities without classification will
be always allowed.

Yes. This is by design. This will allow users to control access to entities that are not yet
classified.


- Madhan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67770/#review205526
-----------------------------------------------------------


On June 29, 2018, 7:26 a.m., Madhan Neethiraj wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67770/
> -----------------------------------------------------------
> 
> (Updated June 29, 2018, 7:26 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Nixon Rodrigues, Ramesh Mani, and Sarath Subramanian.
> 
> 
> Bugs: RANGER-2143
>     https://issues.apache.org/jira/browse/RANGER-2143
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> - updated Atlas authorizer with addtion of scrubSearchResults() method
> - updated entity-access authorization to enable authorization of entity that don't have
any classification
> 
> 
> Diffs
> -----
> 
>   plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
8d56f14f9 
>   plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
aba4b8c2e 
>   pom.xml 07952102e 
>   ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
9302bdd09 
> 
> 
> Diff: https://reviews.apache.org/r/67770/diff/2/
> 
> 
> Testing
> -------
> 
> - verified that entity-attributes and classifications in the search-result are cleared
for entities the user doesn't have read access to
> - verified that authorization policy with entity-classification=_NOT_CLASSIFIED applies
for entities that don't have any classification associated
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message