Release Notes - Ranger 0.6.0 (Release in progress)
Sub-task
- [RANGER-270] - Solr configuration and setup files and documentation
- [RANGER-271] - Script and process to migrate existing audit from RDBMS to Solr
- [RANGER-551] - Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped.
- [RANGER-595] - Support for persisting tag info in the database
- [RANGER-611] - Update policy listing page with a new column 'Policy Type'
- [RANGER-612] - Update HDFS plugin to fallback to hadoop-acl only when there is no Ranger policy to determine the authorization
- [RANGER-643] - Audit page: filter by Tags column does not work
- [RANGER-644] - Update Solr audit source/destination to support 'Tags' field
- [RANGER-645] - Tag DB Store should be available in all supported DB flavors
- [RANGER-646] - Policy UI updates for the changes in policy model to support policyItems of type allow/deny/allow-exception/deny-exception
- [RANGER-660] - Implement TagSync process to populate Ranger with tag details
- [RANGER-670] - Policy UI to support input of a single value for resources
- [RANGER-709] - Support conditions that handle only a single value
- [RANGER-737] - Need to update the current implementation for recent changes in Kafka
- [RANGER-843] - Add indexes to improve Postgres query performance
- [RANGER-844] - Optimize policy retrieval for non-admin users
- [RANGER-848] - Policy listing page: users column is empty for non-admin users
- [RANGER-851] - Remove all occurrences from code that would violate PMD EmptyFinallyBlock rule
- [RANGER-855] - Fix "BooleanInstantiation" issues
- [RANGER-856] - Fix "DontImportJavaLang" issues
- [RANGER-860] - Fix DuplicateImports/UnusedImports
- [RANGER-866] - Service delete fails with error 'XXService was updated or deleted by another transaction'
- [RANGER-871] - Fix migrating issues
- [RANGER-874] - Deny & allow/deny exceptions in policies should be optional
- [RANGER-876] - Policy UI updates to make deny & exception policy items optional
- [RANGER-877] - Exceptions in policies: allow-exceptions should implicitly deny; deny-exceptions should implicitly allow
- [RANGER-879] - Fix JUnit4TestShouldUseTestAnnotation issue
- [RANGER-883] - Fix remaining "imports" issues
- [RANGER-890] - Fix "unnecessary" issues
- [RANGER-905] - Fix "UnusedModifier" issues
- [RANGER-911] - Fix Unused Formal Parameters
- [RANGER-937] - Fix unused local variables issue
- [RANGER-953] - Tag Based policies menu is not appearing for 'ADMIN' role users after upgrade from 0.5
Bug
- [RANGER-149] - If the HDFS file system is empty then repository configurator gives confusing message
- [RANGER-204] - Not able to delete user or group if user/group has any policy defined.
- [RANGER-205] - Delete rest api of User not deleting user completely from system
- [RANGER-218] - LDAP Groups incorrectly labelled internal
- [RANGER-255] - Email Address discrepancy
- [RANGER-341] - request_data and request_path columns are short
- [RANGER-414] - Resource name is not easily readable in Ranger access logs
- [RANGER-541] - Address 0.5 release packaging feedback
- [RANGER-560] - Policy validation: Provide user friendly error messages about validation failures
- [RANGER-575] - Allow KMS policies to be assigned to all users
- [RANGER-584] - Service validation: Provide user friendly error messages about validation failures
- [RANGER-588] - Take care of Ranger KMS installation even if 'java' is not in PATH
- [RANGER-593] - Service def validation: Provide user friendly error messages about validation failures
- [RANGER-594] - Policy Validation: Change the logic to generate friendly error messages to be similar to that for Service and Service def
- [RANGER-596] - Add support for location based authorization
- [RANGER-606] - Add support for deny policies
- [RANGER-607] - Unable to create multiple policyItems for same user or group
- [RANGER-608] - Denied access to list a directory does not generate audit
- [RANGER-609] - Limit the width of 'Policy Conditions' column in policy-edit page
- [RANGER-615] - Audit to db: Truncate all string values of audit record so that writing of audit does not fail
- [RANGER-616] - Add UI validation for max length of service conf properties fields
- [RANGER-617] - Handle Search by status on policy search filter
- [RANGER-618] - KMS gets slower in key creation once Database grows
- [RANGER-619] - Add a Hive condition to restrict access to mutually exclusive columns
- [RANGER-622] - Hive plugin: Add jar via beeline throws NPE
- [RANGER-623] - Enable plugin scripts should handle file permissions for certain umask value
- [RANGER-627] - Processing done by Audit Shutdown hooks can confuse someone looking at logs to think that shutdown of a service is held up due to Ranger plugin
- [RANGER-628] - Make filters for ranger-admin search binds configurable
- [RANGER-631]- audit log is not present for deleting user
- [RANGER-632] - Policy validation error messages produced by the server are not seen by the user
- [RANGER-633] - Service validation error messages produced by the server are not seen by the user
- [RANGER-634] - Service-def validation error messages produced by the server are not seen by the user
- [RANGER-635] - delete an user and then add a new user with same id but with diffenent role creates user with old role
- [RANGER-636] - Component Level Permission popup for tag based policy create page
- [RANGER-637] - Make REFERRAL property in Ranger User sync configurable
- [RANGER-638] - Ranger admin should redirect back to login page when session cookies expires
- [RANGER-639] - Storm plugin - commons-lang is a required dependency and hence should be packaged as part of storm plugin
- [RANGER-641] - Ranger kms start fails if java is not set and started using service keyword
- [RANGER-654] - Component process goes in a tight loop if audit destination is down
- [RANGER-656] - Ranger UI - KMS Need to handle 404 error when clicked on breadcrumb
- [RANGER-658] - Package ranger_credential_helper.py with Ranger Usersync assembly
- [RANGER-661] - Plugin receives empty policy list though the service has policies
- [RANGER-662] - Policy create/update failures leave partial policy in the database
- [RANGER-663] - Race condition during policy update causes policy to get in an bad state
- [RANGER-664] - Ranger PolicyRefresh REST Client timeout parameter should be configurable
- [RANGER-671] - Add support to retrieve permissions for the logged in user from UserSession rather going to database every time
- [RANGER-672] - 0.4 plugins can't download policies from 0.5 server (via old api)
- [RANGER-673] - Setup changes to allow Ranger service to installed using custom service user
- [RANGER-674] - Ranger public rest api gives 200 response for wrong credential instead of 401
- [RANGER-675] - User with access to one of columns via tag is able to access other columns as well
- [RANGER-677] - Ranger Admin fails to render policies referring to groups that contain "." in name
- [RANGER-679] - Support Secure Solr from Ranger Admin
- [RANGER-680] - Remove public group (by default) in default policy for KMS repo
- [RANGER-681] - Update default sync intervals for LDAP and UNIX
- [RANGER-682] - Ranger to support Azure Blob Datastore as an audit destination via HDFS audit handler
- [RANGER-683] - User with authorization to a tag is allowed access even though access is denied by a policy for the resource
- [RANGER-688] - Handle scenario where ids of XUser and XPortalUser are not in sync
- [RANGER-690] - Ranger Admin doesn't show error if Audit Solr is down
- [RANGER-697] - KeyAdmin role user should see only KMS related audit access logs in Audit tab
- [RANGER-700] - Provide a wrapper shell script to run the FileSourceUserGroupBuilder process
- [RANGER-701] - Update setup scripts to allow special characters in passwords
- [RANGER-702] - Optimize policy download performance
- [RANGER-703] - Policy UI validation blocks policy with audit-disabled and no groups
- [RANGER-704] - Service enable/disable should refresh the policies in the plugins
- [RANGER-710] - Add a permission for 'Tag Based Policies'
- [RANGER-711] - Fix code defects uncovered by static analysis of code-base
- [RANGER-714] - Enhancements to the db admin setup scripts.
- [RANGER-719] - Audit in RangerAdmin doesn't show latest audits in UI if server is on different timezone
- [RANGER-720] - Ldap discovery tool doesn't seem to be working as expected
- [RANGER-724] - AuditBatchQueue: prevQueueSize not recomputed after initial assignment - static code analyzer flagged issue
- [RANGER-725] - Add the right .gitignore file to the newly added projects so that directory listing is clean after a build
- [RANGER-726] - Ranger Build Compilation faliure due to atlas changes
- [RANGER-727] - Knox Plugin failed to AuditToSpool file when Audit Destination is down
- [RANGER-728] - Update Solr script to resolve issues with ZK and creating collection
- [RANGER-731] - Ranger plugin for YARN doesn't seem to be able to write audit to Kerberized HDFS
- [RANGER-733] - Implement best coding practices to resolve issues found during code scan
- [RANGER-734] - Add unit tests for Ranger Usersync module
- [RANGER-736] - Apache license headers missing in files from recent commit
- [RANGER-739] - Ranger HBase Plugin returning null for RegionObserver.preCompact calls causing hbase:acl issue
- [RANGER-741] - Fix installation script to skip Audit DB password check if audit source is SOLR
- [RANGER-742] - Ranger usersync fails after syncing 500 users from AD or ldap server when paged results is enabled.
- [RANGER-743] - External users with Admin Role should be allowed to create/update users
- [RANGER-745] - Upgrade Apache commons-collections
- [RANGER-748] - Users in policy got changed after upgrade
- [RANGER-751] - Ranger admin setup fails with TypeError
- [RANGER-752] - Name node not starting due StackOverFlowError exception
- [RANGER-753] - Optimize tag download performance
- [RANGER-754] - Ranger YARN Plugin lookup and test connection should support SPENGO enabled HTTP Authentication
- [RANGER-755] - ldap run.sh script fails since auth directory does not exist
- [RANGER-756] - LdapTool fails with -r option to retrieve only users/group/all
- [RANGER-757] - [LDAP tool] authentication fails if use -d option to search only users
- [RANGER-758] - Handle special characters in passwords starting from -r
- [RANGER-759] - Fix Ranger Knox SSO logout/session expired issues
- [RANGER-760] - Ranger UI code cleanup
- [RANGER-761] - Transaction logs not getting generated under audit menu admin tab if policy name is changed
- [RANGER-763] - Optimize policy evaluation by reordering match-checks
- [RANGER-764] - Kafka plugin: new operation types supported by kafaka plugin should be added to service definition.
- [RANGER-765] - Handle logout scenario for knox sso disabled case
- [RANGER-767] - Refactor UserGroupSink implementation and consolidate performance improvements
- [RANGER-769] - Can't connect to Solr server because of Httpcore issue in HBase
- [RANGER-770] - Fix NullPointerException Unit test cases on master branch
- [RANGER-771] - 4+ Log entries upon login in in X_AUTH_SESS
- [RANGER-772] - Hive plugin: Update Ranger authorizer to mimic changes made by Hive standard authorizer for the case when IMPORT can end up creating a table
- [RANGER-773] - Fix newly found Coverity scan issues for Ranger KMS
- [RANGER-775] - Annotate classes used in REST API with ignoreUnknown=true for version compatibility
- [RANGER-777] - Kafka plugin should build/work with the kafka v0.9 jar with authorization support that have been pushed to public repos
- [RANGER-778] - Fix user update issue
- [RANGER-779] - Remove unused attributes in RangerPolicyItem
- [RANGER-780] - Atlas-Interface: Update Atlas Notification processing to accommodate format changes to qualifiedName attribute
- [RANGER-781] - Ranger Kafka Plugin failed to log audit into secure hdfs cluster
- [RANGER-784] - Annotate REST API classes to use get/set methods instead of directly accessing fields
- [RANGER-787] - Clean up ranger-tagsync configuration; remove unneeded parameters
- [RANGER-788] - Ranger Admin should set delegateAdmin=false for tag-based policies
- [RANGER-789] - Incorrect policy list paging for non-admin users
- [RANGER-791] - Update ranger to work with HiveAuthorizer interface changes
- [RANGER-792] - Updates for Atlas API changes in ATLAS-394
- [RANGER-793] - Atlas notification dependencies should be included in ranger-tagsync package
- [RANGER-794] - Ranger policy engine performance measurement
- [RANGER-795] - Ranger admin does not start when SSL is enabled.
- [RANGER-796] - Good coding practice: fix issues in updates from RANGER-794
- [RANGER-797] - Good coding practice: fix issues in updates from RANGER-789
- [RANGER-798] - Handle different timezone issue while saving audit logs to Solr
- [RANGER-799] - Ranger UI fixes - partial search not working on Policy listing page
- [RANGER-800] - Move Context enricher implementation RangerFileBasedGeolocationProvider out of test into prod
- [RANGER-801] - Enable tagsync to run in secure mode.
- [RANGER-802] - HBase plugin: Implement the new methods added to MasterObservers Interface and mimic their implementation in Hbase AccessController
- [RANGER-804] - Delete groups associated with User causes Exception in UserSync
- [RANGER-805] - Update Ranger website FAQs
- [RANGER-807] - TagSync should support periodic full sync with Apache Atlas
- [RANGER-809] - Audit framework need to cache the getHostName() values to reuse for successive calls
- [RANGER-814] - In Ranger Audit using Solr, auto create fields should be single valued
- [RANGER-824] - Fix code standards to remove exceptions in pmd ruleset
- [RANGER-829] - Root pom specifies incorrect minimum Maven version
- [RANGER-831] - Single policy update increases policy history version by 2 - gives error to view history
- [RANGER-835] - Authentication bypass in Ranger API
- [RANGER-836] - Optimize policy download to plugins - by not including unused fields
- [RANGER-838] - Tag-sync should be resilient to Ranger Admin availability
- [RANGER-840] - ranger-admin and ranger-usersync does not honour the SSL truststore property
- [RANGER-846] - Ranger deviates from Hadoop usernames
- [RANGER-847] - Fix code scan issues
- [RANGER-849] - Good coding practice: fix potentil Null Pointer dereference
- [RANGER-850] - Test test30getPolicyFromEventTime does not fail but it throws an NPE
- [RANGER-852] - ArrayOutOfBoundsException can be triggered due to faulty check in UnixUserGroupBuilder
- [RANGER-853] - Remove the unused project lookup-client as its contents were moved into individual plugin project since ranger-0.5 release
- [RANGER-859] - Allow user to define custom log directory during Ranger installation
- [RANGER-863] - Make parameters like maxHttpHeaderSize configurable for EmbeddedServer
- [RANGER-864] - RangerPolicy.set(List<?>) methods append to existing value, instead of overwriting
- [RANGER-865] - Service delete should delete associated service-resources and tag-resource-maps
- [RANGER-870] - PMD build error
- [RANGER-872] - Patch validation executed upon submission of a patch - seems failing due to common usage of /tmp folder
- [RANGER-875] - Restrict Grantor privileges of Ranger db user for Oracle DB Flavour
- [RANGER-878] - Improve error logging and Ranger UI error message when test connection and lookup is done
- [RANGER-880] - Good coding practice: inner class to be made static; wait() should be in a loop
- [RANGER-882] - Policy engine initialization should handle incorrect values in policies
- [RANGER-884] - PMD build error
- [RANGER-885] - ClassCastException in SolrClient
- [RANGER-886] - RangerSSOAuthenticationFilter needs to accommodate a missing expiration time
- [RANGER-887] - Changes needed to convert log4j.xml to log4j.properties
- [RANGER-888] - Provide support to delete Users and Groups from Ranger Admin UI
- [RANGER-891] - Audit shutdown hook to be registered with Hadoop ShutdownHookManager, instead of directly with Java Runtime
- [RANGER-892] - Ranger SOLR plugins should not add dependent libraries to component's CLASSPATH
- [RANGER-893] - Ranger ugsync with LDAP is not able to fetch group information
- [RANGER-894] - Ranger ldap tool is ignoring OU's from user search base
- [RANGER-896] - Add Maria DB support for Ranger and Ranger KMS
- [RANGER-899] - Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange" of class org.apache.ranger.rest.UserREST.java
- [RANGER-901] - x_service table columns that track policy/tag updates to be moved to a new table
- [RANGER-902] - tags that are private to a service-resource should be deleted when service-resource is deleted
- [RANGER-903] - optimize updates to resource-tag info
- [RANGER-904] - Update create-policy REST API to support override values via query parameters
- [RANGER-906] - Knox Ranger Plugin needs addition dependency jar for webhdfs calls to work
- [RANGER-907] - Copy + paste error in RangerYarnAuthorizer
- [RANGER-910] - Improve db and java patches execution logic to make that more robust
- [RANGER-912] - Ranger Admin UI to support datamask & row-filter policies
- [RANGER-914] - Where is the download page on the website?
- [RANGER-915] - The website needs a more prominent link to the issue tracker
- [RANGER-917] - Ranger Hive authorizer to be updated for changes in Hive
- [RANGER-918] - Publish Range libraries for plugin development to maven central
- [RANGER-920] - Update HBase plugin for changes in the HBase Authorizer interface
- [RANGER-921] - Improve implementation of internal SQL calls and make it more generic
- [RANGER-926] - Ranger UI validation changes to allow . [dot] in firstname and lastname fields
- [RANGER-931] - Fix Ranger Projects pom for name change for artifacts from “org.apache.calcite:calcite-avatica:${calcite.version}” to “org.apache.calcite.avatica:avatica:${avatica.version}”
- [RANGER-932] - Fix assemblies after patch for RANGER-839
- [RANGER-933] - Services landing page restricts the listing to first 25 services only
- [RANGER-934] - Ranger should use released version of EclipseLink
- [RANGER-935] - Persistence.xml file should have mapping of all Entity classes
- [RANGER-939] - Update to use Storm version 1.0.0
- [RANGER-940] - Add null check for ranger.ks.hsm.enabled property
- [RANGER-941] - Getting Access denied page while creating kms service on Ranger UI
- [RANGER-942] - TagSync deployment in environments without Atlas
- [RANGER-945] - SaveVersion python script in ranger-util not working
- [RANGER-951] - Modify ranger-admin to put stackdef for specified components
- [RANGER-952] - Tagadmin user name should be configurable in tagsync module
- [RANGER-954] - Compilation fix due to HIVE change (HIVE-13424)
- [RANGER-955] - TagSync should be updated to process ENTITY_DELETE notification
- [RANGER-957] - Modify ranger kms to use service identity (from service keytab) to download policies from ranger admin
- [RANGER-960] - Service-def update does not preserve the order in which permissions are listed
- [RANGER-962] - Ranger plugin should have an option to use X-Forwarded-For address
- [RANGER-963] - Ranger UI : Search tagService filter(API) is not working on service create/update page
- [RANGER-964] - Fix NOTICE and LICENSE file contents
- [RANGER-965] - Validate Audit DB to Solr Migration script from any previous version to 0.6 upgrade
- [RANGER-968] - Remove email validation to allow syncing users from a file
- [RANGER-969] - Property ranger.usersync.filesource.text.delimiter mis-spelled
- [RANGER-971] - RangerPolicyEvaluator Cache key needs to include resource-def-name
- [RANGER-972] - Default value for tagsync to retry tag upload to ranger is too small
- [RANGER-973] - Kerberos : Ranger Admin to perform Key operations using Principal / keytab of RangerAdmin from UI
- [RANGER-974] - Allow users to move policy items in create / edit Policy screen
- [RANGER-975] - Rename ranger log file from xa_portal.log to ranger_admin.log
- [RANGER-976] - Update tagsync packaging to include Kafka libraries
- [RANGER-977] - Ranger KMS default policies should include hdfs & hive
- [RANGER-981] - Change session cookie name from JSESSIONID to RANGERADMINSESSIONID
- [RANGER-982] - Review/update name of default policies in a new service instance
- [RANGER-984] - Ranger Admin Install fails with "022-split-service-table.sql Import failed!"
- [RANGER-989] - java.lang.NoClassDefFoundError: org/apache/commons/httpclient/URIException during user sync
- [RANGER-990] - Automate setting Proxy User in Ranger KMS
- [RANGER-991] - Ranger should support authorization for Apache Atlas
- [RANGER-992] - create_dbversion_catalog.sql DB schema import failed
- [RANGER-993] - [Row Filter & colum masking] issues with auditing of colum masking and row filter
- [RANGER-994] - Ranger Support for Audit to Secure Solr
- [RANGER-995] - Implement good coding practices
- [RANGER-996] - The PolicyRefresher doesn't cache policies if the directory doesn't already exist
- [RANGER-997] - Improve Policy Listing performance on Reports page having more than 1000 policies
- [RANGER-998] - Trim policy name in create/update policy request
- [RANGER-999] - Delete Module REST API is failing as it is not removing assigned users and groups
- [RANGER-1000] - Tag service deletion failure due to MySQLIntegrityConstraintViolationException
- [RANGER-1003] - Handle Ranger upgrade scenario in Kerberized Cluster
- [RANGER-1004] - Remove need to set access type for column masking, row filtering in Ranger UI
- [RANGER-1008] - if one of OU is invalid out of multiple ou configured then no user syncd from any of the OU
- [RANGER-1009] - Ranger returns stale service/policies if service-name is reused
- [RANGER-1010] - Make 2 sso properties non-configurable in Ranger
- [RANGER-1011] - User's Group name attribute in Ranger Usersync LDAP configuration must be optional
- [RANGER-1012] - Ranger ldap tool stores the admin bind password in config file in clear text
- [RANGER-1013] - Move some properties from ranger-admin-site.xml to ranger-admin-default-site.xml
- [RANGER-1014] - Ranger UI : Show allow/deny policy items info on Report page
- [RANGER-1015] - Ranger KMS changes to cater to hadoop kms commits
- [RANGER-1016] - Display resourceType field under the Audit -> Access tab
- [RANGER-1017] - Audit to Secure Solr needs Solrj Jars from apache to be included in package
- [RANGER-1018] - Ranger User creation failing with SQLAnywhere and MS SQL Server DB Flavor
- [RANGER-1019] - Audit to secure solr needs httpclient dependency library 4.5.2 version
- [RANGER-1020] - Remove (old) Calcite dependency
- [RANGER-1021] - Ranger plugins for components should only download policies which are in 'Enabled' state
- [RANGER-1022] - Audit summary statistics (such as event_count, event_dur_ms) are not persisted when audit destination is RDBMS
- [RANGER-1023] - Handle requests from non-kerberized browser when Ranger is kerberized
- [RANGER-1024] - Improve implementation of java patch PatchPersmissionModel_J10003 to handle large amount of users
- [RANGER-1025] - Policy search REST API implemented in public api V1 is not returning results as expected
- [RANGER-1026] - Ranger service to generate PID
- [RANGER-1027] - Packaging changes for Ranger Atlas Plugin
- [RANGER-1028] - Audit log not created for change of Tag based service name
- [RANGER-1029] - Update Ranger to support Kafka version 0.10.0.0
- [RANGER-1030] - Update Ranger to support Kafka version 0.10.0.0
- [RANGER-1032] - Update TagSync installation to handle configurations for kerberos mode
- [RANGER-1033] - admin audit logging is not happening correctly while deletion of the configuration from the service repo
- [RANGER-1034] - Ranger KMS plugin should not add dependent libraries in Ranger KMS classpath
- [RANGER-1035] - Improve implementation of Client classes to adhere to good coding practices
- [RANGER-1036] - Solr Jaas config for ranger audit framework should not override the component Jaas config.
- [RANGER-1037] - REST API for tag download returns incorrect return code
- [RANGER-1038] - Usersync process is not syncing users from AD at intervals based on sleeptimeinmillisbetweensynccycle
- [RANGER-1039] - User and groups having special characters are not populating in edit policy page
- [RANGER-1040] - Add unique key constraint on user_name column of x_user table
- [RANGER-1041] - Failure to sync one user to admin causes other users/groups also not to be synced from usersync to admin
- [RANGER-1042] - Reduce clutter in tagsync debug log
- [RANGER-1043] - Update tagsync for changes in ATLAS-542 - table.name -> table.qualifiedName
- [RANGER-1045] - Ranger should provide support to force use inmemory jaas config when auditing to secure solr
- [RANGER-1046] - ranger kms repo creation is failing after ranger kms is installed
- [RANGER-1047] - Getting 204 error when trying to access Ranger with KnoxSSO if user does not exist in Ranger DB
- [RANGER-1048] - Ranger Hbase lookup should use the config provided in the Ranger hbase service
- [RANGER-1052] - Remove or Fix all skipped unit tests in RANGER
- [RANGER-1053] - policy download fails with HTTP code 401 for long running components in kerberized cluster
- [RANGER-1057] - Ambari configuration for ranger-tagsync needs to support ranger.tagsync.source.atlasrest.keystore.filename property
- [RANGER-1058] - Ambari configuration for ranger-tagsync needs to support property for atlas keystore filename
- [RANGER-1059] - updatetagadminpassword.py script should use user names from ranger-tagsync-site
- [RANGER-1060] - Ranger Hbase and Hive Plugin Grant Revoke REST call should send the right http response when authorization fails in kerberized cluster
- [RANGER-1061] - Add admin user to default policy of Atlas
- [RANGER-1062] - Remove conflicting jars from Ranger Atlas plugin
- [RANGER-1063] - Increase size of sort_order column of x_policy_item_user_perm and x_policy_item_group_perm table
- [RANGER-1064] - Incorrect value specified for atlas.kafka.security.protocol property for manual kerberized tagsync installation
- [RANGER-1067] - admin audit logging is not correct when add and delete the configuration from the service repo.
- [RANGER-1068] - Issue with ranger admin restart and pid generation
- [RANGER-1069] - if a user permissions are removed from a policy through revoke operation then also users is shown
- [RANGER-1070] - Export table should be allowed only when masking or row-filtering are not specified
- [RANGER-1071] - Ranger Storm Plugin should package codehaus.jackson libs as part of dependent jar
- [RANGER-1072] - Add slf4j libraries and its dependencies for Ranger Atlas plugin
- [RANGER-1073] - permission denied for rangeradmin.jceks.crc file
- [RANGER-1074] - grant and revoke are working even if user is not added to auth properties in repo
- [RANGER-1077] - Audit logs for Hive access show empty IP address
- [RANGER-1078] - grant and revoke are not working as expected
- [RANGER-1079] - tagsync should attempt re-initializing failed tag sources periodically
- [RANGER-1080] - even if service creation is failed then also 200 Respons is returned
- [RANGER-1082] - Ranger should support newer Storm Topology methods in the Ranger Storm Plugin for Authorization
- [RANGER-1083] - Ranger PolicyRefresh and RangerTagEnricher threads should be of daemon type
- [RANGER-1084] - Ranger not working with Knox Proxy
- [RANGER-1085] - Ranger UI : policy creation validation error
- [RANGER-1086] - Under Audit>Admin tab pop up for service create and update does not work
- [RANGER-1087] - Block insert/update/delete/truncate when row-filter/column-mask is enabled for the user
- [RANGER-1088] - denied auditing is not done if resource lookup fail
- [RANGER-1089] - KMS] kms.log file gets bigger
- [RANGER-1092] - Ranger YARN Plugin should not fails to download policy when UGI ticket expires
- [RANGER-1098] - for hive and hbase two properties are present policy.grantrevoke.auth.users & policy.grant.revoke.auth.users </ul>
Improvement
- [RANGER-274] - Add support for TAG based policies
- [RANGER-647] - Add PAM Support
- [RANGER-648] - Provide a way to clean-up old policy-engine and related resources.
- [RANGER-669] - Ranger doc several typos in FAQ
- [RANGER-684] - Ranger Usersync - Add Ability to transform user/group names
- [RANGER-691] - Ranger Admin shouldn't expect users to be sync'ed for authentication
- [RANGER-699] - higher level policy API to hide complexity of policy update/create/delete
- [RANGER-722] - StartTLS support for Ranger
- [RANGER-746] - Ranger Admin: Add wildcard, multiple CN & SAN support when validating plugins' SSL certs
- [RANGER-749] - Ranger KMS to support multiple KMS instances with keys across multiple clusters
- [RANGER-776] - Write sql patch to create Ranger user 'rangertagsync' for all DB
- [RANGER-815] - In Solr managed-schema, we should set default for event_count and seq_num
- [RANGER-818] - Fix XML indentation in pom files
- [RANGER-819] - Allow pasting into password fields in Ranger web UI
- [RANGER-822] - Add PMD maven plugin to keep source code analyzer run as part of verify process
- [RANGER-827] - Use system supplied mechanism to get users and groups on unix
- [RANGER-828] - Bump up Apache parent plugin version + fix scm tag value
- [RANGER-832] - Bump plugin versions
- [RANGER-833] - In Ranger UI add support for usernames containing a plus "+" symbol
- [RANGER-839] - Update httpcomponent dependencies
- [RANGER-842] - Allow PAM for authentication
- [RANGER-845] - Replace StringBuffer with StringBuilder
- [RANGER-857] - Unify (and update) Tomcat versions
- [RANGER-889] - Policy engine API to find list of users/groups having access to a resource
- [RANGER-897] - Change Apache DS tests to run on a random port
- [RANGER-898] - Change Ranger's default value for LDAP User / Group Sync Case Conversion properties to "none"
- [RANGER-913] - Improvements on Reports page in Ranger Admin
- [RANGER-922] - Adding debug statement to identify build issue in build.apache.org
- [RANGER-936] - Some junit related improvements
- [RANGER-938] - Add NiFi service definition and NiFiClient
- [RANGER-946] - Ranger UI : Add policy type filter to report page
- [RANGER-948] - Cleanup test dependencies
- [RANGER-949] - Some agents improvements
- [RANGER-967] - Allow additional characters in username
- [RANGER-970] - Ranger Usersync - Add Ability to transform user/group names to file source
- [RANGER-978] - Usersync: Remove creation of default email address
- [RANGER-985] - Support download csv in Reports page as enhancement
- [RANGER-1005] - Add command line utility to change Ranger user password
- [RANGER-1051] - Fall back to getting groups from user UGI in HBase plugin
- [RANGER-1054] - Enhance column masking feature to support custom value/expression
- [RANGER-1055] - Enhance column masking feature to support custom value/expression
- [RANGER-1056] - Update to Hive 2.1.0
- [RANGER-1065] - Need to change default audit retentions in Solr 3 months and do some performance tuning
- [RANGER-1081] - Remove "Get Cluster Info / Get Nimbus Conf" from Admin UI permission list for Storm
New Feature
- [RANGER-526] - Provide REST API to change user role
- [RANGER-652] - LDAP configuration tool
- [RANGER-666] - Ranger to support Azure SQL Database
- [RANGER-685] - Ranger Admin - Add Ability to Authenticate with Knox SSO provider
- [RANGER-686] - Allow specifying keytabs in Ranger repositories
- [RANGER-712] - Create a new project which can serve as a template to write ranger extensions
- [RANGER-803] - Support multiple OU in LDAP search for Ranger usersync
- [RANGER-867] - Add Kerberos support for ranger admin and clients
- [RANGER-868] - Ranger-KMS - Luna HSM Integration
- [RANGER-869] - Group Based search support for ranger usersync
- [RANGER-873] - Ranger Policy model to support data masking
- [RANGER-900] - Remove support for DB based auditing
- [RANGER-908] - Ranger policy model to support row-filtering
- [RANGER-909] - Ranger Hive plugin to support row-filtering
Task
- [RANGER-582] - How to create Service/Repo in RangerAdmin
- [RANGER-597] - Troubleshooting UserSync in Ranger
- [RANGER-806] - Ranger cli utility to delete users from Ranger DB
- [RANGER-823] - Update the version number to 0.6.0 on the maven pom.xml files
- [RANGER-881] - How to add Ranger authorization for an application? Sample
- [RANGER-895] - Ranger Hive plugin to support column-masking
- [RANGER-923] - Modify the current version to 0.6.0-SNAPSHOT instead of 0.6.0 (since it is not released yet)
- [RANGER-959] - Update doc site with contributor list - based on JIRA system
- [RANGER-966] - Add Apache licenses for .py files
- [RANGER-1093] - Release Ranger 0.6.0
Test
- [RANGER-762] - Unit test for hive tag-policy fails
- [RANGER-816] - Add unit tests for file-based tag enricher
- [RANGER-830] - Unit test for verifying behaviour of "Exclude" setting in the Ranger Policy
- [RANGER-841] - Remove deprecated junit.framework dependencies
- [RANGER-1006] - Add tests for the HDFS plugin
- [RANGER-1031] - Add tests for the HIVE plugin
Wish
- [RANGER-626] - Hdfs use in not showing in ranger console