[RANGER-4767] Deleted policies are still taking effect if all policies for a security zone are deleted - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: Ranger
Labels:
None

Description

If all the policies for a security zone are deleted, then still the previous policies are taking effect.
If there are no policies in the repo, then the following error is seen in the logs
while syncing the policies, and the previously existing policies are still taking effect and operations are allowed through those policies

2024-04-02T16:09:42.913Z	ERROR	PolicyRefresher(serviceName=cm_trino)-233	org.apache.ranger.plugin.service.RangerBasePlugin	setPolicies: policy engine initialization failed!  Leaving current policy engine as-is. Exception : 
java.lang.NullPointerException: Cannot invoke "java.util.List.iterator()" because "this.policies" is null
	at org.apache.ranger.plugin.policyengine.RangerPolicyRepository.init(RangerPolicyRepository.java:887)
	at org.apache.ranger.plugin.policyengine.RangerPolicyRepository.<init>(RangerPolicyRepository.java:229)
	at org.apache.ranger.plugin.policyengine.PolicyEngine.<init>(PolicyEngine.java:264)
	at org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.<init>(RangerPolicyEngineImpl.java:104)
	at org.apache.ranger.plugin.service.RangerBasePlugin.setPolicies(RangerBasePlugin.java:363)
	at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:264)
	at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:210)

Attachments

Activity

People

Assignee:: Abhay Kulkarni

Reporter:: Abhishek

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Apr/24 01:20

Updated:: 04/Apr/24 20:44

Resolved:: 04/Apr/24 20:44