Page tree
Skip to end of metadata
Go to start of metadata

Release Notes - Ranger 0.6.0 (Release in progress)

Sub-task

  • [RANGER-270] - Solr configuration and setup files and documentation
  • [RANGER-271] - Script and process to migrate existing audit from RDBMS to Solr
  • [RANGER-551] - Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped.
  • [RANGER-595] - Support for persisting tag info in the database
  • [RANGER-611] - Update policy listing page with a new column 'Policy Type'
  • [RANGER-612] - Update HDFS plugin to fallback to hadoop-acl only when there is no Ranger policy to determine the authorization
  • [RANGER-643] - Audit page: filter by Tags column does not work
  • [RANGER-644] - Update Solr audit source/destination to support 'Tags' field
  • [RANGER-645] - Tag DB Store should be available in all supported DB flavors
  • [RANGER-646] - Policy UI updates for the changes in policy model to support policyItems of type allow/deny/allow-exception/deny-exception
  • [RANGER-660] - Implement TagSync process to populate Ranger with tag details
  • [RANGER-670] - Policy UI to support input of a single value for resources
  • [RANGER-709] - Support conditions that handle only a single value
  • [RANGER-737] - Need to update the current implementation for recent changes in Kafka
  • [RANGER-843] - Add indexes to improve Postgres query performance
  • [RANGER-844] - Optimize policy retrieval for non-admin users
  • [RANGER-848] - Policy listing page: users column is empty for non-admin users
  • [RANGER-851] - Remove all occurrences from code that would violate PMD EmptyFinallyBlock rule
  • [RANGER-855] - Fix "BooleanInstantiation" issues
  • [RANGER-856] - Fix "DontImportJavaLang" issues
  • [RANGER-860] - Fix DuplicateImports/UnusedImports
  • [RANGER-866] - Service delete fails with error 'XXService was updated or deleted by another transaction'
  • [RANGER-871] - Fix migrating issues
  • [RANGER-874] - Deny & allow/deny exceptions in policies should be optional
  • [RANGER-876] - Policy UI updates to make deny & exception policy items optional
  • [RANGER-877] - Exceptions in policies: allow-exceptions should implicitly deny; deny-exceptions should implicitly allow
  • [RANGER-879] - Fix JUnit4TestShouldUseTestAnnotation issue
  • [RANGER-883] - Fix remaining "imports" issues
  • [RANGER-890] - Fix "unnecessary" issues
  • [RANGER-905] - Fix "UnusedModifier" issues
  • [RANGER-911] - Fix Unused Formal Parameters
  • [RANGER-937] - Fix unused local variables issue
  • [RANGER-953] - Tag Based policies menu is not appearing for 'ADMIN' role users after upgrade from 0.5

Bug

  • [RANGER-149] - If the HDFS file system is empty then repository configurator gives confusing message
  • [RANGER-204] - Not able to delete user or group if user/group has any policy defined.
  • [RANGER-205] - Delete rest api of User not deleting user completely from system
  • [RANGER-218] - LDAP Groups incorrectly labelled internal
  • [RANGER-255] - Email Address discrepancy
  • [RANGER-341] - request_data and request_path columns are short
  • [RANGER-414] - Resource name is not easily readable in Ranger access logs
  • [RANGER-541] - Address 0.5 release packaging feedback
  • [RANGER-560] - Policy validation: Provide user friendly error messages about validation failures
  • [RANGER-575] - Allow KMS policies to be assigned to all users
  • [RANGER-584] - Service validation: Provide user friendly error messages about validation failures
  • [RANGER-588] - Take care of Ranger KMS installation even if 'java' is not in PATH
  • [RANGER-593] - Service def validation: Provide user friendly error messages about validation failures
  • [RANGER-594] - Policy Validation: Change the logic to generate friendly error messages to be similar to that for Service and Service def
  • [RANGER-596] - Add support for location based authorization
  • [RANGER-606] - Add support for deny policies
  • [RANGER-607] - Unable to create multiple policyItems for same user or group
  • [RANGER-608] - Denied access to list a directory does not generate audit
  • [RANGER-609] - Limit the width of 'Policy Conditions' column in policy-edit page
  • [RANGER-615] - Audit to db: Truncate all string values of audit record so that writing of audit does not fail
  • [RANGER-616] - Add UI validation for max length of service conf properties fields
  • [RANGER-617] - Handle Search by status on policy search filter
  • [RANGER-618] - KMS gets slower in key creation once Database grows
  • [RANGER-619] - Add a Hive condition to restrict access to mutually exclusive columns
  • [RANGER-622] - Hive plugin: Add jar via beeline throws NPE
  • [RANGER-623] - Enable plugin scripts should handle file permissions for certain umask value
  • [RANGER-627] - Processing done by Audit Shutdown hooks can confuse someone looking at logs to think that shutdown of a service is held up due to Ranger plugin
  • [RANGER-628] - Make filters for ranger-admin search binds configurable
  • [RANGER-631]- audit log is not present for deleting user
  • [RANGER-632] - Policy validation error messages produced by the server are not seen by the user
  • [RANGER-633] - Service validation error messages produced by the server are not seen by the user
  • [RANGER-634] - Service-def validation error messages produced by the server are not seen by the user
  • [RANGER-635] - delete an user and then add a new user with same id but with diffenent role creates user with old role
  • [RANGER-636] - Component Level Permission popup for tag based policy create page
  • [RANGER-637] - Make REFERRAL property in Ranger User sync configurable
  • [RANGER-638] - Ranger admin should redirect back to login page when session cookies expires
  • [RANGER-639] - Storm plugin - commons-lang is a required dependency and hence should be packaged as part of storm plugin
  • [RANGER-641] - Ranger kms start fails if java is not set and started using service keyword
  • [RANGER-654] - Component process goes in a tight loop if audit destination is down
  • [RANGER-656] - Ranger UI - KMS Need to handle 404 error when clicked on breadcrumb
  • [RANGER-658] - Package ranger_credential_helper.py with Ranger Usersync assembly
  • [RANGER-661] - Plugin receives empty policy list though the service has policies
  • [RANGER-662] - Policy create/update failures leave partial policy in the database
  • [RANGER-663] - Race condition during policy update causes policy to get in an bad state
  • [RANGER-664] - Ranger PolicyRefresh REST Client timeout parameter should be configurable
  • [RANGER-671] - Add support to retrieve permissions for the logged in user from UserSession rather going to database every time
  • [RANGER-672] - 0.4 plugins can't download policies from 0.5 server (via old api)
  • [RANGER-673] - Setup changes to allow Ranger service to installed using custom service user
  • [RANGER-674] - Ranger public rest api gives 200 response for wrong credential instead of 401
  • [RANGER-675] - User with access to one of columns via tag is able to access other columns as well
  • [RANGER-677] - Ranger Admin fails to render policies referring to groups that contain "." in name
  • [RANGER-679] - Support Secure Solr from Ranger Admin
  • [RANGER-680] - Remove public group (by default) in default policy for KMS repo
  • [RANGER-681] - Update default sync intervals for LDAP and UNIX
  • [RANGER-682] - Ranger to support Azure Blob Datastore as an audit destination via HDFS audit handler
  • [RANGER-683] - User with authorization to a tag is allowed access even though access is denied by a policy for the resource
  • [RANGER-688] - Handle scenario where ids of XUser and XPortalUser are not in sync
  • [RANGER-690] - Ranger Admin doesn't show error if Audit Solr is down
  • [RANGER-697] - KeyAdmin role user should see only KMS related audit access logs in Audit tab
  • [RANGER-700] - Provide a wrapper shell script to run the FileSourceUserGroupBuilder process
  • [RANGER-701] - Update setup scripts to allow special characters in passwords
  • [RANGER-702] - Optimize policy download performance
  • [RANGER-703] - Policy UI validation blocks policy with audit-disabled and no groups
  • [RANGER-704] - Service enable/disable should refresh the policies in the plugins
  • [RANGER-710] - Add a permission for 'Tag Based Policies'
  • [RANGER-711] - Fix code defects uncovered by static analysis of code-base
  • [RANGER-714] - Enhancements to the db admin setup scripts.
  • [RANGER-719] - Audit in RangerAdmin doesn't show latest audits in UI if server is on different timezone
  • [RANGER-720] - Ldap discovery tool doesn't seem to be working as expected
  • [RANGER-724] - AuditBatchQueue: prevQueueSize not recomputed after initial assignment - static code analyzer flagged issue
  • [RANGER-725] - Add the right .gitignore file to the newly added projects so that directory listing is clean after a build
  • [RANGER-726] - Ranger Build Compilation faliure due to atlas changes
  • [RANGER-727] - Knox Plugin failed to AuditToSpool file when Audit Destination is down
  • [RANGER-728] - Update Solr script to resolve issues with ZK and creating collection
  • [RANGER-731] - Ranger plugin for YARN doesn't seem to be able to write audit to Kerberized HDFS
  • [RANGER-733] - Implement best coding practices to resolve issues found during code scan
  • [RANGER-734] - Add unit tests for Ranger Usersync module
  • [RANGER-736] - Apache license headers missing in files from recent commit
  • [RANGER-739] - Ranger HBase Plugin returning null for RegionObserver.preCompact calls causing hbase:acl issue
  • [RANGER-741] - Fix installation script to skip Audit DB password check if audit source is SOLR
  • [RANGER-742] - Ranger usersync fails after syncing 500 users from AD or ldap server when paged results is enabled.
  • [RANGER-743] - External users with Admin Role should be allowed to create/update users
  • [RANGER-745] - Upgrade Apache commons-collections
  • [RANGER-748] - Users in policy got changed after upgrade
  • [RANGER-751] - Ranger admin setup fails with TypeError
  • [RANGER-752] - Name node not starting due StackOverFlowError exception
  • [RANGER-753] - Optimize tag download performance
  • [RANGER-754] - Ranger YARN Plugin lookup and test connection should support SPENGO enabled HTTP Authentication
  • [RANGER-755] - ldap run.sh script fails since auth directory does not exist
  • [RANGER-756] - LdapTool fails with -r option to retrieve only users/group/all
  • [RANGER-757] - [LDAP tool] authentication fails if use -d option to search only users
  • [RANGER-758] - Handle special characters in passwords starting from -r
  • [RANGER-759] - Fix Ranger Knox SSO logout/session expired issues
  • [RANGER-760] - Ranger UI code cleanup
  • [RANGER-761] - Transaction logs not getting generated under audit menu admin tab if policy name is changed
  • [RANGER-763] - Optimize policy evaluation by reordering match-checks
  • [RANGER-764] - Kafka plugin: new operation types supported by kafaka plugin should be added to service definition.
  • [RANGER-765] - Handle logout scenario for knox sso disabled case
  • [RANGER-767] - Refactor UserGroupSink implementation and consolidate performance improvements
  • [RANGER-769] - Can't connect to Solr server because of Httpcore issue in HBase
  • [RANGER-770] - Fix NullPointerException Unit test cases on master branch
  • [RANGER-771] - 4+ Log entries upon login in in X_AUTH_SESS
  • [RANGER-772] - Hive plugin: Update Ranger authorizer to mimic changes made by Hive standard authorizer for the case when IMPORT can end up creating a table
  • [RANGER-773] - Fix newly found Coverity scan issues for Ranger KMS
  • [RANGER-775] - Annotate classes used in REST API with ignoreUnknown=true for version compatibility
  • [RANGER-777] - Kafka plugin should build/work with the kafka v0.9 jar with authorization support that have been pushed to public repos
  • [RANGER-778] - Fix user update issue
  • [RANGER-779] - Remove unused attributes in RangerPolicyItem
  • [RANGER-780] - Atlas-Interface: Update Atlas Notification processing to accommodate format changes to qualifiedName attribute
  • [RANGER-781] - Ranger Kafka Plugin failed to log audit into secure hdfs cluster
  • [RANGER-784] - Annotate REST API classes to use get/set methods instead of directly accessing fields
  • [RANGER-787] - Clean up ranger-tagsync configuration; remove unneeded parameters
  • [RANGER-788] - Ranger Admin should set delegateAdmin=false for tag-based policies
  • [RANGER-789] - Incorrect policy list paging for non-admin users
  • [RANGER-791] - Update ranger to work with HiveAuthorizer interface changes
  • [RANGER-792] - Updates for Atlas API changes in ATLAS-394
  • [RANGER-793] - Atlas notification dependencies should be included in ranger-tagsync package
  • [RANGER-794] - Ranger policy engine performance measurement
  • [RANGER-795] - Ranger admin does not start when SSL is enabled.
  • [RANGER-796] - Good coding practice: fix issues in updates from RANGER-794
  • [RANGER-797] - Good coding practice: fix issues in updates from RANGER-789
  • [RANGER-798] - Handle different timezone issue while saving audit logs to Solr
  • [RANGER-799] - Ranger UI fixes - partial search not working on Policy listing page
  • [RANGER-800] - Move Context enricher implementation RangerFileBasedGeolocationProvider out of test into prod
  • [RANGER-801] - Enable tagsync to run in secure mode.
  • [RANGER-802] - HBase plugin: Implement the new methods added to MasterObservers Interface and mimic their implementation in Hbase AccessController
  • [RANGER-804] - Delete groups associated with User causes Exception in UserSync
  • [RANGER-805] - Update Ranger website FAQs
  • [RANGER-807] - TagSync should support periodic full sync with Apache Atlas
  • [RANGER-809] - Audit framework need to cache the getHostName() values to reuse for successive calls
  • [RANGER-814] - In Ranger Audit using Solr, auto create fields should be single valued
  • [RANGER-824] - Fix code standards to remove exceptions in pmd ruleset
  • [RANGER-829] - Root pom specifies incorrect minimum Maven version
  • [RANGER-831] - Single policy update increases policy history version by 2 - gives error to view history
  • [RANGER-835] - Authentication bypass in Ranger API
  • [RANGER-836] - Optimize policy download to plugins - by not including unused fields
  • [RANGER-838] - Tag-sync should be resilient to Ranger Admin availability
  • [RANGER-840] - ranger-admin and ranger-usersync does not honour the SSL truststore property
  • [RANGER-846] - Ranger deviates from Hadoop usernames
  • [RANGER-847] - Fix code scan issues
  • [RANGER-849] - Good coding practice: fix potentil Null Pointer dereference
  • [RANGER-850] - Test test30getPolicyFromEventTime does not fail but it throws an NPE
  • [RANGER-852] - ArrayOutOfBoundsException can be triggered due to faulty check in UnixUserGroupBuilder
  • [RANGER-853] - Remove the unused project lookup-client as its contents were moved into individual plugin project since ranger-0.5 release
  • [RANGER-859] - Allow user to define custom log directory during Ranger installation
  • [RANGER-863] - Make parameters like maxHttpHeaderSize configurable for EmbeddedServer
  • [RANGER-864] - RangerPolicy.set(List<?>) methods append to existing value, instead of overwriting
  • [RANGER-865] - Service delete should delete associated service-resources and tag-resource-maps
  • [RANGER-870] - PMD build error
  • [RANGER-872] - Patch validation executed upon submission of a patch - seems failing due to common usage of /tmp folder
  • [RANGER-875] - Restrict Grantor privileges of Ranger db user for Oracle DB Flavour
  • [RANGER-878] - Improve error logging and Ranger UI error message when test connection and lookup is done
  • [RANGER-880] - Good coding practice: inner class to be made static; wait() should be in a loop
  • [RANGER-882] - Policy engine initialization should handle incorrect values in policies
  • [RANGER-884] - PMD build error
  • [RANGER-885] - ClassCastException in SolrClient
  • [RANGER-886] - RangerSSOAuthenticationFilter needs to accommodate a missing expiration time
  • [RANGER-887] - Changes needed to convert log4j.xml to log4j.properties
  • [RANGER-888] - Provide support to delete Users and Groups from Ranger Admin UI
  • [RANGER-891] - Audit shutdown hook to be registered with Hadoop ShutdownHookManager, instead of directly with Java Runtime
  • [RANGER-892] - Ranger SOLR plugins should not add dependent libraries to component's CLASSPATH
  • [RANGER-893] - Ranger ugsync with LDAP is not able to fetch group information
  • [RANGER-894] - Ranger ldap tool is ignoring OU's from user search base
  • [RANGER-896] - Add Maria DB support for Ranger and Ranger KMS
  • [RANGER-899] - Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange" of class org.apache.ranger.rest.UserREST.java
  • [RANGER-901] - x_service table columns that track policy/tag updates to be moved to a new table
  • [RANGER-902] - tags that are private to a service-resource should be deleted when service-resource is deleted
  • [RANGER-903] - optimize updates to resource-tag info
  • [RANGER-904] - Update create-policy REST API to support override values via query parameters
  • [RANGER-906] - Knox Ranger Plugin needs addition dependency jar for webhdfs calls to work
  • [RANGER-907] - Copy + paste error in RangerYarnAuthorizer
  • [RANGER-910] - Improve db and java patches execution logic to make that more robust
  • [RANGER-912] - Ranger Admin UI to support datamask & row-filter policies
  • [RANGER-914] - Where is the download page on the website?
  • [RANGER-915] - The website needs a more prominent link to the issue tracker
  • [RANGER-917] - Ranger Hive authorizer to be updated for changes in Hive
  • [RANGER-918] - Publish Range libraries for plugin development to maven central
  • [RANGER-920] - Update HBase plugin for changes in the HBase Authorizer interface
  • [RANGER-921] - Improve implementation of internal SQL calls and make it more generic
  • [RANGER-926] - Ranger UI validation changes to allow . [dot] in firstname and lastname fields
  • [RANGER-931] - Fix Ranger Projects pom for name change for artifacts from “org.apache.calcite:calcite-avatica:${calcite.version}” to “org.apache.calcite.avatica:avatica:${avatica.version}”
  • [RANGER-932] - Fix assemblies after patch for RANGER-839
  • [RANGER-933] - Services landing page restricts the listing to first 25 services only
  • [RANGER-934] - Ranger should use released version of EclipseLink
  • [RANGER-935] - Persistence.xml file should have mapping of all Entity classes
  • [RANGER-939] - Update to use Storm version 1.0.0
  • [RANGER-940] - Add null check for ranger.ks.hsm.enabled property
  • [RANGER-941] - Getting Access denied page while creating kms service on Ranger UI
  • [RANGER-942] - TagSync deployment in environments without Atlas
  • [RANGER-945] - SaveVersion python script in ranger-util not working
  • [RANGER-951] - Modify ranger-admin to put stackdef for specified components
  • [RANGER-952] - Tagadmin user name should be configurable in tagsync module
  • [RANGER-954] - Compilation fix due to HIVE change (HIVE-13424)
  • [RANGER-955] - TagSync should be updated to process ENTITY_DELETE notification
  • [RANGER-957] - Modify ranger kms to use service identity (from service keytab) to download policies from ranger admin
  • [RANGER-960] - Service-def update does not preserve the order in which permissions are listed
  • [RANGER-962] - Ranger plugin should have an option to use X-Forwarded-For address
  • [RANGER-963] - Ranger UI : Search tagService filter(API) is not working on service create/update page
  • [RANGER-964] - Fix NOTICE and LICENSE file contents
  • [RANGER-965] - Validate Audit DB to Solr Migration script from any previous version to 0.6 upgrade
  • [RANGER-968] - Remove email validation to allow syncing users from a file
  • [RANGER-969] - Property ranger.usersync.filesource.text.delimiter mis-spelled
  • [RANGER-971] - RangerPolicyEvaluator Cache key needs to include resource-def-name
  • [RANGER-972] - Default value for tagsync to retry tag upload to ranger is too small
  • [RANGER-973] - Kerberos : Ranger Admin to perform Key operations using Principal / keytab of RangerAdmin from UI
  • [RANGER-974] - Allow users to move policy items in create / edit Policy screen
  • [RANGER-975] - Rename ranger log file from xa_portal.log to ranger_admin.log
  • [RANGER-976] - Update tagsync packaging to include Kafka libraries
  • [RANGER-977] - Ranger KMS default policies should include hdfs & hive
  • [RANGER-981] - Change session cookie name from JSESSIONID to RANGERADMINSESSIONID
  • [RANGER-982] - Review/update name of default policies in a new service instance
  • [RANGER-984] - Ranger Admin Install fails with "022-split-service-table.sql Import failed!"
  • [RANGER-989] - java.lang.NoClassDefFoundError: org/apache/commons/httpclient/URIException during user sync
  • [RANGER-990] - Automate setting Proxy User in Ranger KMS
  • [RANGER-991] - Ranger should support authorization for Apache Atlas
  • [RANGER-992] - create_dbversion_catalog.sql DB schema import failed
  • [RANGER-993] - [Row Filter & colum masking] issues with auditing of colum masking and row filter
  • [RANGER-994] - Ranger Support for Audit to Secure Solr
  • [RANGER-995] - Implement good coding practices
  • [RANGER-996] - The PolicyRefresher doesn't cache policies if the directory doesn't already exist
  • [RANGER-997] - Improve Policy Listing performance on Reports page having more than 1000 policies
  • [RANGER-998] - Trim policy name in create/update policy request
  • [RANGER-999] - Delete Module REST API is failing as it is not removing assigned users and groups
  • [RANGER-1000] - Tag service deletion failure due to MySQLIntegrityConstraintViolationException
  • [RANGER-1003] - Handle Ranger upgrade scenario in Kerberized Cluster
  • [RANGER-1004] - Remove need to set access type for column masking, row filtering in Ranger UI
  • [RANGER-1008] - if one of OU is invalid out of multiple ou configured then no user syncd from any of the OU
  • [RANGER-1009] - Ranger returns stale service/policies if service-name is reused
  • [RANGER-1010] - Make 2 sso properties non-configurable in Ranger
  • [RANGER-1011] - User's Group name attribute in Ranger Usersync LDAP configuration must be optional
  • [RANGER-1012] - Ranger ldap tool stores the admin bind password in config file in clear text
  • [RANGER-1013] - Move some properties from ranger-admin-site.xml to ranger-admin-default-site.xml
  • [RANGER-1014] - Ranger UI : Show allow/deny policy items info on Report page
  • [RANGER-1015] - Ranger KMS changes to cater to hadoop kms commits
  • [RANGER-1016] - Display resourceType field under the Audit -> Access tab
  • [RANGER-1017] - Audit to Secure Solr needs Solrj Jars from apache to be included in package
  • [RANGER-1018] - Ranger User creation failing with SQLAnywhere and MS SQL Server DB Flavor
  • [RANGER-1019] - Audit to secure solr needs httpclient dependency library 4.5.2 version
  • [RANGER-1020] - Remove (old) Calcite dependency
  • [RANGER-1021] - Ranger plugins for components should only download policies which are in 'Enabled' state
  • [RANGER-1022] - Audit summary statistics (such as event_count, event_dur_ms) are not persisted when audit destination is RDBMS
  • [RANGER-1023] - Handle requests from non-kerberized browser when Ranger is kerberized
  • [RANGER-1024] - Improve implementation of java patch PatchPersmissionModel_J10003 to handle large amount of users
  • [RANGER-1025] - Policy search REST API implemented in public api V1 is not returning results as expected
  • [RANGER-1026] - Ranger service to generate PID
  • [RANGER-1027] - Packaging changes for Ranger Atlas Plugin
  • [RANGER-1028] - Audit log not created for change of Tag based service name
  • [RANGER-1029] - Update Ranger to support Kafka version 0.10.0.0
  • [RANGER-1030] - Update Ranger to support Kafka version 0.10.0.0
  • [RANGER-1032] - Update TagSync installation to handle configurations for kerberos mode
  • [RANGER-1033] - admin audit logging is not happening correctly while deletion of the configuration from the service repo
  • [RANGER-1034] - Ranger KMS plugin should not add dependent libraries in Ranger KMS classpath
  • [RANGER-1035] - Improve implementation of Client classes to adhere to good coding practices
  • [RANGER-1036] - Solr Jaas config for ranger audit framework should not override the component Jaas config.
  • [RANGER-1037] - REST API for tag download returns incorrect return code
  • [RANGER-1038] - Usersync process is not syncing users from AD at intervals based on sleeptimeinmillisbetweensynccycle
  • [RANGER-1039] - User and groups having special characters are not populating in edit policy page
  • [RANGER-1040] - Add unique key constraint on user_name column of x_user table
  • [RANGER-1041] - Failure to sync one user to admin causes other users/groups also not to be synced from usersync to admin
  • [RANGER-1042] - Reduce clutter in tagsync debug log
  • [RANGER-1043] - Update tagsync for changes in ATLAS-542 - table.name -> table.qualifiedName
  • [RANGER-1045] - Ranger should provide support to force use inmemory jaas config when auditing to secure solr
  • [RANGER-1046] - ranger kms repo creation is failing after ranger kms is installed
  • [RANGER-1047] - Getting 204 error when trying to access Ranger with KnoxSSO if user does not exist in Ranger DB
  • [RANGER-1048] - Ranger Hbase lookup should use the config provided in the Ranger hbase service
  • [RANGER-1052] - Remove or Fix all skipped unit tests in RANGER
  • [RANGER-1053] - policy download fails with HTTP code 401 for long running components in kerberized cluster
  • [RANGER-1057] - Ambari configuration for ranger-tagsync needs to support ranger.tagsync.source.atlasrest.keystore.filename property
  • [RANGER-1058] - Ambari configuration for ranger-tagsync needs to support property for atlas keystore filename
  • [RANGER-1059] - updatetagadminpassword.py script should use user names from ranger-tagsync-site
  • [RANGER-1060] - Ranger Hbase and Hive Plugin Grant Revoke REST call should send the right http response when authorization fails in kerberized cluster
  • [RANGER-1061] - Add admin user to default policy of Atlas
  • [RANGER-1062] - Remove conflicting jars from Ranger Atlas plugin
  • [RANGER-1063] - Increase size of sort_order column of x_policy_item_user_perm and x_policy_item_group_perm table
  • [RANGER-1064] - Incorrect value specified for atlas.kafka.security.protocol property for manual kerberized tagsync installation
  • [RANGER-1067] - admin audit logging is not correct when add and delete the configuration from the service repo.
  • [RANGER-1068] - Issue with ranger admin restart and pid generation
  • [RANGER-1069] - if a user permissions are removed from a policy through revoke operation then also users is shown
  • [RANGER-1070] - Export table should be allowed only when masking or row-filtering are not specified
  • [RANGER-1071] - Ranger Storm Plugin should package codehaus.jackson libs as part of dependent jar
  • [RANGER-1072] - Add slf4j libraries and its dependencies for Ranger Atlas plugin
  • [RANGER-1073] - permission denied for rangeradmin.jceks.crc file
  • [RANGER-1074] - grant and revoke are working even if user is not added to auth properties in repo
  • [RANGER-1077] - Audit logs for Hive access show empty IP address
  • [RANGER-1078] - grant and revoke are not working as expected
  • [RANGER-1079] - tagsync should attempt re-initializing failed tag sources periodically
  • [RANGER-1080] - even if service creation is failed then also 200 Respons is returned
  • [RANGER-1082] - Ranger should support newer Storm Topology methods in the Ranger Storm Plugin for Authorization
  • [RANGER-1083] - Ranger PolicyRefresh and RangerTagEnricher threads should be of daemon type
  • [RANGER-1084] - Ranger not working with Knox Proxy
  • [RANGER-1085] - Ranger UI : policy creation validation error
  • [RANGER-1086] - Under Audit>Admin tab pop up for service create and update does not work
  • [RANGER-1087] - Block insert/update/delete/truncate when row-filter/column-mask is enabled for the user
  • [RANGER-1088] - denied auditing is not done if resource lookup fail
  • [RANGER-1089] - KMS] kms.log file gets bigger
  • [RANGER-1092] - Ranger YARN Plugin should not fails to download policy when UGI ticket expires
  • [RANGER-1098] - for hive and hbase two properties are present policy.grantrevoke.auth.users & policy.grant.revoke.auth.users </ul>

     

    Improvement

    • [RANGER-274] - Add support for TAG based policies
    • [RANGER-647] - Add PAM Support
    • [RANGER-648] - Provide a way to clean-up old policy-engine and related resources.
    • [RANGER-669] - Ranger doc several typos in FAQ
    • [RANGER-684] - Ranger Usersync - Add Ability to transform user/group names
    • [RANGER-691] - Ranger Admin shouldn't expect users to be sync'ed for authentication
    • [RANGER-699] - higher level policy API to hide complexity of policy update/create/delete
    • [RANGER-722] - StartTLS support for Ranger
    • [RANGER-746] - Ranger Admin: Add wildcard, multiple CN & SAN support when validating plugins' SSL certs
    • [RANGER-749] - Ranger KMS to support multiple KMS instances with keys across multiple clusters
    • [RANGER-776] - Write sql patch to create Ranger user 'rangertagsync' for all DB
    • [RANGER-815] - In Solr managed-schema, we should set default for event_count and seq_num
    • [RANGER-818] - Fix XML indentation in pom files
    • [RANGER-819] - Allow pasting into password fields in Ranger web UI
    • [RANGER-822] - Add PMD maven plugin to keep source code analyzer run as part of verify process
    • [RANGER-827] - Use system supplied mechanism to get users and groups on unix
    • [RANGER-828] - Bump up Apache parent plugin version + fix scm tag value
    • [RANGER-832] - Bump plugin versions
    • [RANGER-833] - In Ranger UI add support for usernames containing a plus "+" symbol
    • [RANGER-839] - Update httpcomponent dependencies
    • [RANGER-842] - Allow PAM for authentication
    • [RANGER-845] - Replace StringBuffer with StringBuilder
    • [RANGER-857] - Unify (and update) Tomcat versions
    • [RANGER-889] - Policy engine API to find list of users/groups having access to a resource
    • [RANGER-897] - Change Apache DS tests to run on a random port
    • [RANGER-898] - Change Ranger's default value for LDAP User / Group Sync Case Conversion properties to "none"
    • [RANGER-913] - Improvements on Reports page in Ranger Admin
    • [RANGER-922] - Adding debug statement to identify build issue in build.apache.org
    • [RANGER-936] - Some junit related improvements
    • [RANGER-938] - Add NiFi service definition and NiFiClient
    • [RANGER-946] - Ranger UI : Add policy type filter to report page
    • [RANGER-948] - Cleanup test dependencies
    • [RANGER-949] - Some agents improvements
    • [RANGER-967] - Allow additional characters in username
    • [RANGER-970] - Ranger Usersync - Add Ability to transform user/group names to file source
    • [RANGER-978] - Usersync: Remove creation of default email address
    • [RANGER-985] - Support download csv in Reports page as enhancement
    • [RANGER-1005] - Add command line utility to change Ranger user password
    • [RANGER-1051] - Fall back to getting groups from user UGI in HBase plugin
    • [RANGER-1054] - Enhance column masking feature to support custom value/expression
    • [RANGER-1055] - Enhance column masking feature to support custom value/expression
    • [RANGER-1056] - Update to Hive 2.1.0
    • [RANGER-1065] - Need to change default audit retentions in Solr 3 months and do some performance tuning
    • [RANGER-1081] - Remove "Get Cluster Info / Get Nimbus Conf" from Admin UI permission list for Storm

    New Feature

    • [RANGER-526] - Provide REST API to change user role
    • [RANGER-652] - LDAP configuration tool
    • [RANGER-666] - Ranger to support Azure SQL Database
    • [RANGER-685] - Ranger Admin - Add Ability to Authenticate with Knox SSO provider
    • [RANGER-686] - Allow specifying keytabs in Ranger repositories
    • [RANGER-712] - Create a new project which can serve as a template to write ranger extensions
    • [RANGER-803] - Support multiple OU in LDAP search for Ranger usersync
    • [RANGER-867] - Add Kerberos support for ranger admin and clients
    • [RANGER-868] - Ranger-KMS - Luna HSM Integration
    • [RANGER-869] - Group Based search support for ranger usersync
    • [RANGER-873] - Ranger Policy model to support data masking
    • [RANGER-900] - Remove support for DB based auditing
    • [RANGER-908] - Ranger policy model to support row-filtering
    • [RANGER-909] - Ranger Hive plugin to support row-filtering

    Task

    • [RANGER-582] - How to create Service/Repo in RangerAdmin
    • [RANGER-597] - Troubleshooting UserSync in Ranger
    • [RANGER-806] - Ranger cli utility to delete users from Ranger DB
    • [RANGER-823] - Update the version number to 0.6.0 on the maven pom.xml files
    • [RANGER-881] - How to add Ranger authorization for an application? Sample
    • [RANGER-895] - Ranger Hive plugin to support column-masking
    • [RANGER-923] - Modify the current version to 0.6.0-SNAPSHOT instead of 0.6.0 (since it is not released yet)
    • [RANGER-959] - Update doc site with contributor list - based on JIRA system
    • [RANGER-966] - Add Apache licenses for .py files
    • [RANGER-1093] - Release Ranger 0.6.0

    Test

    • [RANGER-762] - Unit test for hive tag-policy fails
    • [RANGER-816] - Add unit tests for file-based tag enricher
    • [RANGER-830] - Unit test for verifying behaviour of "Exclude" setting in the Ranger Policy
    • [RANGER-841] - Remove deprecated junit.framework dependencies
    • [RANGER-1006] - Add tests for the HDFS plugin
    • [RANGER-1031] - Add tests for the HIVE plugin

    Wish

    • [RANGER-626] - Hdfs use in not showing in ranger console

 

 






  • No labels