Sub-task

  • [RANGER-422] - Add additional database columns to support aggregation
  • [RANGER-423] - Support audit log aggregation in Ranger Admin UI
  • [RANGER-513] - Policy validation: resource hierarchies check does not work with single-node hierarchies as in HDFS
  • [RANGER-551] - Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped.
  • [RANGER-564] - Add incubating to the release name 

Bug

  • [RANGER-219] - Autocomplete behavior of hive tables/columns
  • [RANGER-524] - Hbase plugin: list command should prune the tables returned on user permissions
  • [RANGER-529] - Policy Validation: resources of a policy must match one of the resource hierarchies of the service def.
  • [RANGER-533] - Hbase plugin: if user does not have family-level access to any family in a table then user may be incorrectly denied access done at table/family level during get or scan
  • [RANGER-539] - Rolling downgrade changes
  • [RANGER-545] - Fix js error for lower versions of FF (<30)
  • [RANGER-548] - Key rollover command fails
  • [RANGER-550] - Hive plugin: Add audit logging support for metadata queries that have filtering support from hive
  • [RANGER-553] - Default policy creation during service creation should handle service defs with multiple hierarchies, e.g. hive, properly
  • [RANGER-554] - Ranger KMS keys listing page does not support pagination
  • [RANGER-555] - Policy view page (from access audit page) gives 404 with Oracle DB
  • [RANGER-558] - Hbase plugin: unless user has READ access at some level under the table/family being accessed (via scan/get) authorizer should throw an exception and audit
  • [RANGER-560] - Policy validation: Provide user friendly error messages about validation failures
  • [RANGER-565] - Ranger Admin install fails (sometimes) with IO Error when DB used in Oracle
  • [RANGER-566] - Installation of Ranger on Oracle 12c with shared database needs to use private synonym instead of public synonym
  • [RANGER-569] - Enabling Ranger plugin for Hbase should not modify hbase.rpc.protection value
  • [RANGER-570] - Knox plugin: after upgrading ranger from 0.4 to 0.5 the knox plugin won't work because classes with old names are missing
  • [RANGER-571] - Storm plugin: after upgrading ranger from 0.4 to 0.5 the plugin won't work because classes with old names are missing
  • [RANGER-580] - Hbase plugin: Plugin may not work after upgrade
  • [RANGER-584] - Service validation: Provide user friendly error messages about validation failures
  • [RANGER-587] - ranger-admin-site.xml not getting updated when ranger.authentication.method is changed
  • [RANGER-588] - Take care of Ranger KMS installation even if 'java' is not in PATH
  • [RANGER-593] - Service def validation: Provide user friendly error messages about validation failures
  • [RANGER-594] - Policy Validation: Change the logic to generate friendly error messages to be similar to that for Service and Service def
  • [RANGER-598] - Update Ranger config migration script to work with Ranger 0.5
  • [RANGER-615] - Audit to db: Truncate all string values of audit record so that writing of audit does not fail
  • [RANGER-618] - KMS gets slower in key creation once Database grows
  • [RANGER-621] - Solr service-def JSON has incorrect impliedGrants for solr_admin permission
  • [RANGER-622] - Hive plugin: Add jar via beeline throws NPE
  • [RANGER-623] - Enable plugin scripts should handle file permissions for certain umask value
  • [RANGER-624] - Windows installation broken after SQLAnywhere support
  • [RANGER-625] - Change db flavor input parameter value from SQLAnywhere to SQLA
  • [RANGER-627] - Processing done by Audit Shutdown hooks can confuse someone looking at logs to think that shutdown of a service is held up due to Ranger plugin
  • [RANGER-628] - Make filters for ranger-admin search binds configurable
  • [RANGER-630] - Data consistency across API and UI
  • [RANGER-632] - Policy validation error messages produced by the server are not seen by the user
  • [RANGER-633] - Service validation error messages produced by the server are not seen by the user
  • [RANGER-634] - Service-def validation error messages produced by the server are not seen by the user
  • [RANGER-637] - Make REFERRAL property in Ranger User sync configurable
  • [RANGER-638] - Ranger admin should redirect back to login page when session cookies expires
  • [RANGER-639] - Storm plugin - commons-lang is a required dependency and hence should be packaged as part of storm plugin
  • [RANGER-640] - Handle help text description for Ranger LDAP / AD properties in Ambari
  • [RANGER-641] - Ranger kms start fails if java is not set and started using service keyword
  • [RANGER-642] - Update USERSEARCHFILTER for Ranger Authentication on Windows 
  • [RANGER-653] - Move delegated admin check to mgr layer from service layer for XPermMap and XAuditMap
  • [RANGER-654] - Component process goes in a tight loop if audit destination is down
  • [RANGER-661] - Plugin receives empty policy list though the service has policies
  • [RANGER-662] - Policy create/update failures leave partial policy in the database
  • [RANGER-663] - Race condition during policy update causes policy to get in an bad state
  • [RANGER-665] - ranger.ldap.ad.referral property is not getting updated in ranger-admin-site.xml
  • [RANGER-672] - 0.4 plugins can't download policies from 0.5 server (via old api)
  • [RANGER-680] - Remove public group (by default) in default policy for KMS repo
  • [RANGER-681] - Update default sync intervals for LDAP and UNIX
  • [RANGER-682] - Ranger to support Azure Blob Datastore as an audit destination via HDFS audit handler
  • [RANGER-697] - KeyAdmin role user should see only KMS related audit access logs in Audit tab
  • [RANGER-702] - Optimize policy download performance
  • [RANGER-706] - Optimize audit db upgrade patches to minimize timeout issues
  • [RANGER-720] - Ldap discovery tool doesn't seem to be working as expected
  • [RANGER-725] - Add the right .gitignore file to the newly added projects so that directory listing is clean after a build
  • [RANGER-728] - Update Solr script to resolve issues with ZK and creating collection
  • [RANGER-733] - Implement best coding practices to resolve issues found during code scan
  • [RANGER-741] - Fix installation script to skip Audit DB password check if audit source is SOLR
  • [RANGER-742] - Ranger usersync fails after syncing 500 users from AD or ldap server when paged results is enabled.
  • [RANGER-743] - External users with Admin Role should be allowed to create/update users
  • [RANGER-744] - Kafka Authorizer has updated how IP/Host is passed
  • [RANGER-745] - Upgrade Apache commons-collections
  • [RANGER-747] - RangerAdmin is considering "none" as valid ZK Host Name for Solr
  • [RANGER-748] - Users in policy got changed after upgrade
  • [RANGER-755] - ldap run.sh script fails since auth directory does not exist
  • [RANGER-756] - LdapTool fails with -r option to retrieve only users/group/all
  • [RANGER-757] - [LDAP tool] authentication fails if use -d option to search only users
  • [RANGER-758] - Handle special characters in passwords starting from -r 
  • [RANGER-761] - Transaction logs not getting generated under audit menu admin tab if policy name is changed
  • [RANGER-764] - Kafka plugin: new operation types supported by kafaka plugin should be added to service definition.
  • [RANGER-767] - Refactor UserGroupSink implementation and consolidate performance improvements
  • [RANGER-772] - Hive plugin: Update Ranger authorizer to mimic changes made by Hive standard authorizer for the case when IMPORT can end up creating a table
  • [RANGER-773] - Fix newly found Coverity scan issues for Ranger KMS
  • [RANGER-777] - Kafka plugin should build/work with the kafka v0.9 jar with authorization support that have been pushed to public repos
  • [RANGER-778] - Fix user update issue
  • [RANGER-783] - Default policy created during service creation for a Kafka service should better support non-secure kafka cluster
  • [RANGER-798] - Handle different timezone issue while saving audit logs to Solr
  • [RANGER-799] - Ranger UI fixes - partial search not working on Policy listing page
  • [RANGER-802] - HBase plugin: Implement the new methods added to MasterObservers Interface and mimic their implementation in Hbase AccessController
  • [RANGER-808] - Update license.txt
  • [RANGER-810] - Audit page should show most recent audit log at the top

Improvement

  • [RANGER-586] - Ranger plugins should not add dependent libraries to component's CLASSPATH
  • [RANGER-684] - Ranger Usersync - Add Ability to transform user/group names
  • [RANGER-716] - New Public API to check user credentials
  • [RANGER-746] - Ranger Admin: Add wildcard, multiple CN & SAN support when validating plugins' SSL certs
  • [RANGER-749] - Ranger KMS to support multiple KMS instances with keys across multiple clusters
  • [RANGER-818] - Fix XML indentation in pom files

New Feature

  • [RANGER-526] - Provide REST API to change user role
  • [RANGER-614] - Provide support of SQL Anywhere as a DB in Ranger
  • [RANGER-652] - LDAP configuration tool

Task

  • [RANGER-173] - Utility scripts to create HDFS audit folders and policies
  • [RANGER-573] - Updated Ranger WebSite Doc 



  • No labels