Sub-task
- [RANGER-422] - Add additional database columns to support aggregation
- [RANGER-423] - Support audit log aggregation in Ranger Admin UI
- [RANGER-513] - Policy validation: resource hierarchies check does not work with single-node hierarchies as in HDFS
- [RANGER-551] - Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped.
- [RANGER-564] - Add incubating to the release name
Bug
- [RANGER-219] - Autocomplete behavior of hive tables/columns
- [RANGER-524] - Hbase plugin: list command should prune the tables returned on user permissions
- [RANGER-529] - Policy Validation: resources of a policy must match one of the resource hierarchies of the service def.
- [RANGER-533] - Hbase plugin: if user does not have family-level access to any family in a table then user may be incorrectly denied access done at table/family level during get or scan
- [RANGER-539] - Rolling downgrade changes
- [RANGER-545] - Fix js error for lower versions of FF (<30)
- [RANGER-548] - Key rollover command fails
- [RANGER-550] - Hive plugin: Add audit logging support for metadata queries that have filtering support from hive
- [RANGER-553] - Default policy creation during service creation should handle service defs with multiple hierarchies, e.g. hive, properly
- [RANGER-554] - Ranger KMS keys listing page does not support pagination
- [RANGER-555] - Policy view page (from access audit page) gives 404 with Oracle DB
- [RANGER-558] - Hbase plugin: unless user has READ access at some level under the table/family being accessed (via scan/get) authorizer should throw an exception and audit
- [RANGER-560] - Policy validation: Provide user friendly error messages about validation failures
- [RANGER-565] - Ranger Admin install fails (sometimes) with IO Error when DB used in Oracle
- [RANGER-566] - Installation of Ranger on Oracle 12c with shared database needs to use private synonym instead of public synonym
- [RANGER-569] - Enabling Ranger plugin for Hbase should not modify hbase.rpc.protection value
- [RANGER-570] - Knox plugin: after upgrading ranger from 0.4 to 0.5 the knox plugin won't work because classes with old names are missing
- [RANGER-571] - Storm plugin: after upgrading ranger from 0.4 to 0.5 the plugin won't work because classes with old names are missing
- [RANGER-580] - Hbase plugin: Plugin may not work after upgrade
- [RANGER-584] - Service validation: Provide user friendly error messages about validation failures
- [RANGER-587] - ranger-admin-site.xml not getting updated when ranger.authentication.method is changed
- [RANGER-588] - Take care of Ranger KMS installation even if 'java' is not in PATH
- [RANGER-593] - Service def validation: Provide user friendly error messages about validation failures
- [RANGER-594] - Policy Validation: Change the logic to generate friendly error messages to be similar to that for Service and Service def
- [RANGER-598] - Update Ranger config migration script to work with Ranger 0.5
- [RANGER-615] - Audit to db: Truncate all string values of audit record so that writing of audit does not fail
- [RANGER-618] - KMS gets slower in key creation once Database grows
- [RANGER-621] - Solr service-def JSON has incorrect impliedGrants for solr_admin permission
- [RANGER-622] - Hive plugin: Add jar via beeline throws NPE
- [RANGER-623] - Enable plugin scripts should handle file permissions for certain umask value
- [RANGER-624] - Windows installation broken after SQLAnywhere support
- [RANGER-625] - Change db flavor input parameter value from SQLAnywhere to SQLA
- [RANGER-627] - Processing done by Audit Shutdown hooks can confuse someone looking at logs to think that shutdown of a service is held up due to Ranger plugin
- [RANGER-628] - Make filters for ranger-admin search binds configurable
- [RANGER-630] - Data consistency across API and UI
- [RANGER-632] - Policy validation error messages produced by the server are not seen by the user
- [RANGER-633] - Service validation error messages produced by the server are not seen by the user
- [RANGER-634] - Service-def validation error messages produced by the server are not seen by the user
- [RANGER-637] - Make REFERRAL property in Ranger User sync configurable
- [RANGER-638] - Ranger admin should redirect back to login page when session cookies expires
- [RANGER-639] - Storm plugin - commons-lang is a required dependency and hence should be packaged as part of storm plugin
- [RANGER-640] - Handle help text description for Ranger LDAP / AD properties in Ambari
- [RANGER-641] - Ranger kms start fails if java is not set and started using service keyword
- [RANGER-642] - Update USERSEARCHFILTER for Ranger Authentication on Windows
- [RANGER-653] - Move delegated admin check to mgr layer from service layer for XPermMap and XAuditMap
- [RANGER-654] - Component process goes in a tight loop if audit destination is down
- [RANGER-661] - Plugin receives empty policy list though the service has policies
- [RANGER-662] - Policy create/update failures leave partial policy in the database
- [RANGER-663] - Race condition during policy update causes policy to get in an bad state
- [RANGER-665] - ranger.ldap.ad.referral property is not getting updated in ranger-admin-site.xml
- [RANGER-672] - 0.4 plugins can't download policies from 0.5 server (via old api)
- [RANGER-680] - Remove public group (by default) in default policy for KMS repo
- [RANGER-681] - Update default sync intervals for LDAP and UNIX
- [RANGER-682] - Ranger to support Azure Blob Datastore as an audit destination via HDFS audit handler
- [RANGER-697] - KeyAdmin role user should see only KMS related audit access logs in Audit tab
- [RANGER-702] - Optimize policy download performance
- [RANGER-706] - Optimize audit db upgrade patches to minimize timeout issues
- [RANGER-720] - Ldap discovery tool doesn't seem to be working as expected
- [RANGER-725] - Add the right .gitignore file to the newly added projects so that directory listing is clean after a build
- [RANGER-728] - Update Solr script to resolve issues with ZK and creating collection
- [RANGER-733] - Implement best coding practices to resolve issues found during code scan
- [RANGER-741] - Fix installation script to skip Audit DB password check if audit source is SOLR
- [RANGER-742] - Ranger usersync fails after syncing 500 users from AD or ldap server when paged results is enabled.
- [RANGER-743] - External users with Admin Role should be allowed to create/update users
- [RANGER-744] - Kafka Authorizer has updated how IP/Host is passed
- [RANGER-745] - Upgrade Apache commons-collections
- [RANGER-747] - RangerAdmin is considering "none" as valid ZK Host Name for Solr
- [RANGER-748] - Users in policy got changed after upgrade
- [RANGER-755] - ldap run.sh script fails since auth directory does not exist
- [RANGER-756] - LdapTool fails with -r option to retrieve only users/group/all
- [RANGER-757] - [LDAP tool] authentication fails if use -d option to search only users
- [RANGER-758] - Handle special characters in passwords starting from -r
- [RANGER-761] - Transaction logs not getting generated under audit menu admin tab if policy name is changed
- [RANGER-764] - Kafka plugin: new operation types supported by kafaka plugin should be added to service definition.
- [RANGER-767] - Refactor UserGroupSink implementation and consolidate performance improvements
- [RANGER-772] - Hive plugin: Update Ranger authorizer to mimic changes made by Hive standard authorizer for the case when IMPORT can end up creating a table
- [RANGER-773] - Fix newly found Coverity scan issues for Ranger KMS
- [RANGER-777] - Kafka plugin should build/work with the kafka v0.9 jar with authorization support that have been pushed to public repos
- [RANGER-778] - Fix user update issue
- [RANGER-783] - Default policy created during service creation for a Kafka service should better support non-secure kafka cluster
- [RANGER-798] - Handle different timezone issue while saving audit logs to Solr
- [RANGER-799] - Ranger UI fixes - partial search not working on Policy listing page
- [RANGER-802] - HBase plugin: Implement the new methods added to MasterObservers Interface and mimic their implementation in Hbase AccessController
- [RANGER-808] - Update license.txt
- [RANGER-810] - Audit page should show most recent audit log at the top
Improvement
- [RANGER-586] - Ranger plugins should not add dependent libraries to component's CLASSPATH
- [RANGER-684] - Ranger Usersync - Add Ability to transform user/group names
- [RANGER-716] - New Public API to check user credentials
- [RANGER-746] - Ranger Admin: Add wildcard, multiple CN & SAN support when validating plugins' SSL certs
- [RANGER-749] - Ranger KMS to support multiple KMS instances with keys across multiple clusters
- [RANGER-818] - Fix XML indentation in pom files
New Feature
- [RANGER-526] - Provide REST API to change user role
- [RANGER-614] - Provide support of SQL Anywhere as a DB in Ranger
- [RANGER-652] - LDAP configuration tool
Task
- [RANGER-173] - Utility scripts to create HDFS audit folders and policies
- [RANGER-573] - Updated Ranger WebSite Doc
{"serverDuration": 74, "requestCorrelationId": "e478481e723ca5f9"}