[RANGER-2066] Hbase column family access is authorized by a tagged column in the column family - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.0.0, master, 0.7.1
Fix Version/s: master, 0.7.2, 1.1.0, 1.0.1
Component/s: Ranger
Labels:
None

Description

SCENARIO:

Table emp has 2 column families: personal_data(name,SSN,age) ; prof_data(role, manager)
Column emp/prof_data/role is tagged with OFFICIAL tag.

Create following policies:
Resource policy allows Read on all tables, all column-families and all columns and a tag policy allows Read on OFFICIAL tag to test_user.

When test_user executes "scan 'emp' " command, two audit log records are created:
1. Resource: emp/personal_data
Name / Type: column-family
Allowed
Policy allowing: Resource based policy

2. Resource: emp/prof_data
Name / Type: column-family
Allowed
Policy allowing: TAG based policy for OFFICIAL tag

prof_data column-family should be authorized by resource policy.

Attachments

Activity

People

Assignee:: Abhay Kulkarni

Reporter:: Anuja Leekha

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Apr/18 21:06

Updated:: 13/Apr/18 19:19

Resolved:: 13/Apr/18 19:19