Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-2521

Masking policies not picked from the zone of the accessed resource

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: master
    • Fix Version/s: master
    • Component/s: Ranger
    • Labels:
      None

      Description

      Setup:

      Zone Production includes:

        Services: cm_hive, cm_tag

       Resources: Hive table retail_demo.customers in cm_hive

        Tag-based masking policy (#43): EMAIL_PII, group=public, access=select, maskType=nullify

       

      Unzoned includes:

        Tag-based masking policy (#44): EMAIL_PII, group=public, access=select, maskType=hash

       

      Column retail_demo.customers.customer_email is tagged with EMAIL_PII

       

      When retail_demo.customers.customer_email is accessed, audit log indicates that access is granted by policy from Production zone, but masking is done by policy from unzoned(default) zone. Masking should be done by policy in the Production zone too.

        Attachments

          Activity

            People

            • Assignee:
              abhayk Abhay Kulkarni
              Reporter:
              abhayk Abhay Kulkarni
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: