Google Git
Sign in
apache / ranger / 741f233cafb40c0ca798c895f93f34c0880d3780^! / .
commit741f233cafb40c0ca798c895f93f34c0880d3780[log] [tgz]
authorSanket-Shelar <sanket.shelar.dev@gmail.com>Wed Feb 07 19:16:52 2024 +0530
committerMadhan Neethiraj <madhan@apache.org>Wed Feb 07 22:05:06 2024 -0800
treefb9e0e16d30c52254a665f2ccf1c91483adc9357
parent168613e7490f0c77826de8a833ff8e6de8219e71 [diff]
RANGER-4690: updated Hive plugin to fix incorrect policy version in access audits in case of deny due to masking/row-filter policies

Signed-off-by: Madhan Neethiraj <madhan@apache.org>

diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 44c66df..9b25e2b 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java

@@ -1068,6 +1068,7 @@
 
 						result.setIsAllowed(false);
 						result.setPolicyId(rowFilterResult.getPolicyId());
+						result.setPolicyVersion(rowFilterResult.getPolicyVersion());
 						result.setReason("User does not have access to all rows of the table");
 					} else {
 						// check if masking is enabled for any column in the table/view
@@ -1082,6 +1083,7 @@
 
 							result.setIsAllowed(false);
 							result.setPolicyId(dataMaskResult.getPolicyId());
+							result.setPolicyVersion(dataMaskResult.getPolicyVersion());
 							result.setReason("User does not have access to unmasked column values");
 						}
 					}