0.6.0 Release Notes

Created by Velmurugan Periasamy, last modified on Mar 19, 2017

`Release Notes - Ranger 0.6.0 (Release in progress)`

Sub-task

[RANGER-270] - Solr configuration and setup files and documentation
[RANGER-271] - Script and process to migrate existing audit from RDBMS to Solr
[RANGER-551] - Policy Validation: If resource levels are not valid for any hierarchy then checks about missing mandatory levels should be skipped.
[RANGER-595] - Support for persisting tag info in the database
[RANGER-611] - Update policy listing page with a new column 'Policy Type'
[RANGER-612] - Update HDFS plugin to fallback to hadoop-acl only when there is no Ranger policy to determine the authorization
[RANGER-643] - Audit page: filter by Tags column does not work
[RANGER-644] - Update Solr audit source/destination to support 'Tags' field
[RANGER-645] - Tag DB Store should be available in all supported DB flavors
[RANGER-646] - Policy UI updates for the changes in policy model to support policyItems of type allow/deny/allow-exception/deny-exception
[RANGER-660] - Implement TagSync process to populate Ranger with tag details
[RANGER-670] - Policy UI to support input of a single value for resources
[RANGER-709] - Support conditions that handle only a single value
[RANGER-737] - Need to update the current implementation for recent changes in Kafka
[RANGER-843] - Add indexes to improve Postgres query performance
[RANGER-844] - Optimize policy retrieval for non-admin users
[RANGER-848] - Policy listing page: users column is empty for non-admin users
[RANGER-851] - Remove all occurrences from code that would violate PMD EmptyFinallyBlock rule
[RANGER-855] - Fix "BooleanInstantiation" issues
[RANGER-856] - Fix "DontImportJavaLang" issues
[RANGER-860] - Fix DuplicateImports/UnusedImports
[RANGER-866] - Service delete fails with error 'XXService was updated or deleted by another transaction'
[RANGER-871] - Fix migrating issues
[RANGER-874] - Deny & allow/deny exceptions in policies should be optional
[RANGER-876] - Policy UI updates to make deny & exception policy items optional
[RANGER-877] - Exceptions in policies: allow-exceptions should implicitly deny; deny-exceptions should implicitly allow
[RANGER-879] - Fix JUnit4TestShouldUseTestAnnotation issue
[RANGER-883] - Fix remaining "imports" issues
[RANGER-890] - Fix "unnecessary" issues
[RANGER-905] - Fix "UnusedModifier" issues
[RANGER-911] - Fix Unused Formal Parameters
[RANGER-937] - Fix unused local variables issue
[RANGER-953] - Tag Based policies menu is not appearing for 'ADMIN' role users after upgrade from 0.5

Bug

[RANGER-149] - If the HDFS file system is empty then repository configurator gives confusing message
[RANGER-204] - Not able to delete user or group if user/group has any policy defined.
[RANGER-205] - Delete rest api of User not deleting user completely from system
[RANGER-218] - LDAP Groups incorrectly labelled internal
[RANGER-255] - Email Address discrepancy
[RANGER-341] - request_data and request_path columns are short
[RANGER-414] - Resource name is not easily readable in Ranger access logs
[RANGER-541] - Address 0.5 release packaging feedback
[RANGER-560] - Policy validation: Provide user friendly error messages about validation failures
[RANGER-575] - Allow KMS policies to be assigned to all users
[RANGER-584] - Service validation: Provide user friendly error messages about validation failures
[RANGER-588] - Take care of Ranger KMS installation even if 'java' is not in PATH
[RANGER-593] - Service def validation: Provide user friendly error messages about validation failures
[RANGER-594] - Policy Validation: Change the logic to generate friendly error messages to be similar to that for Service and Service def
[RANGER-596] - Add support for location based authorization
[RANGER-606] - Add support for deny policies
[RANGER-607] - Unable to create multiple policyItems for same user or group
[RANGER-608] - Denied access to list a directory does not generate audit
[RANGER-609] - Limit the width of 'Policy Conditions' column in policy-edit page
[RANGER-615] - Audit to db: Truncate all string values of audit record so that writing of audit does not fail
[RANGER-616] - Add UI validation for max length of service conf properties fields
[RANGER-617] - Handle Search by status on policy search filter
[RANGER-618] - KMS gets slower in key creation once Database grows
[RANGER-619] - Add a Hive condition to restrict access to mutually exclusive columns
[RANGER-622] - Hive plugin: Add jar via beeline throws NPE
[RANGER-623] - Enable plugin scripts should handle file permissions for certain umask value
[RANGER-627] - Processing done by Audit Shutdown hooks can confuse someone looking at logs to think that shutdown of a service is held up due to Ranger plugin
[RANGER-628] - Make filters for ranger-admin search binds configurable
[RANGER-631]- audit log is not present for deleting user
[RANGER-632] - Policy validation error messages produced by the server are not seen by the user
[RANGER-633] - Service validation error messages produced by the server are not seen by the user
[RANGER-634] - Service-def validation error messages produced by the server are not seen by the user
[RANGER-635] - delete an user and then add a new user with same id but with diffenent role creates user with old role
[RANGER-636] - Component Level Permission popup for tag based policy create page
[RANGER-637] - Make REFERRAL property in Ranger User sync configurable
[RANGER-638] - Ranger admin should redirect back to login page when session cookies expires
[RANGER-639] - Storm plugin - commons-lang is a required dependency and hence should be packaged as part of storm plugin
[RANGER-641] - Ranger kms start fails if java is not set and started using service keyword
[RANGER-654] - Component process goes in a tight loop if audit destination is down
[RANGER-656] - Ranger UI - KMS Need to handle 404 error when clicked on breadcrumb
[RANGER-658] - Package ranger_credential_helper.py with Ranger Usersync assembly
[RANGER-661] - Plugin receives empty policy list though the service has policies
[RANGER-662] - Policy create/update failures leave partial policy in the database
[RANGER-663] - Race condition during policy update causes policy to get in an bad state
[RANGER-664] - Ranger PolicyRefresh REST Client timeout parameter should be configurable
[RANGER-671] - Add support to retrieve permissions for the logged in user from UserSession rather going to database every time
[RANGER-672] - 0.4 plugins can't download policies from 0.5 server (via old api)
[RANGER-673] - Setup changes to allow Ranger service to installed using custom service user
[RANGER-674] - Ranger public rest api gives 200 response for wrong credential instead of 401
[RANGER-675] - User with access to one of columns via tag is able to access other columns as well
[RANGER-677] - Ranger Admin fails to render policies referring to groups that contain "." in name
[RANGER-679] - Support Secure Solr from Ranger Admin
[RANGER-680] - Remove public group (by default) in default policy for KMS repo
[RANGER-681] - Update default sync intervals for LDAP and UNIX
[RANGER-682] - Ranger to support Azure Blob Datastore as an audit destination via HDFS audit handler
[RANGER-683] - User with authorization to a tag is allowed access even though access is denied by a policy for the resource
[RANGER-688] - Handle scenario where ids of XUser and XPortalUser are not in sync
[RANGER-690] - Ranger Admin doesn't show error if Audit Solr is down
[RANGER-697] - KeyAdmin role user should see only KMS related audit access logs in Audit tab
[RANGER-700] - Provide a wrapper shell script to run the FileSourceUserGroupBuilder process
[RANGER-701] - Update setup scripts to allow special characters in passwords
[RANGER-702] - Optimize policy download performance
[RANGER-703] - Policy UI validation blocks policy with audit-disabled and no groups
[RANGER-704] - Service enable/disable should refresh the policies in the plugins
[RANGER-710] - Add a permission for 'Tag Based Policies'
[RANGER-711] - Fix code defects uncovered by static analysis of code-base
[RANGER-714] - Enhancements to the db admin setup scripts.
[RANGER-719] - Audit in RangerAdmin doesn't show latest audits in UI if server is on different timezone
[RANGER-720] - Ldap discovery tool doesn't seem to be working as expected
[RANGER-724] - AuditBatchQueue: prevQueueSize not recomputed after initial assignment - static code analyzer flagged issue
[RANGER-725] - Add the right .gitignore file to the newly added projects so that directory listing is clean after a build
[RANGER-726] - Ranger Build Compilation faliure due to atlas changes
[RANGER-727] - Knox Plugin failed to AuditToSpool file when Audit Destination is down
[RANGER-728] - Update Solr script to resolve issues with ZK and creating collection
[RANGER-731] - Ranger plugin for YARN doesn't seem to be able to write audit to Kerberized HDFS
[RANGER-733] - Implement best coding practices to resolve issues found during code scan
[RANGER-734] - Add unit tests for Ranger Usersync module
[RANGER-736] - Apache license headers missing in files from recent commit
[RANGER-739] - Ranger HBase Plugin returning null for RegionObserver.preCompact calls causing hbase:acl issue
[RANGER-741] - Fix installation script to skip Audit DB password check if audit source is SOLR
[RANGER-742] - Ranger usersync fails after syncing 500 users from AD or ldap server when paged results is enabled.
[RANGER-743] - External users with Admin Role should be allowed to create/update users
[RANGER-745] - Upgrade Apache commons-collections
[RANGER-748] - Users in policy got changed after upgrade
[RANGER-751] - Ranger admin setup fails with TypeError
[RANGER-752] - Name node not starting due StackOverFlowError exception
[RANGER-753] - Optimize tag download performance
[RANGER-754] - Ranger YARN Plugin lookup and test connection should support SPENGO enabled HTTP Authentication
[RANGER-755] - ldap run.sh script fails since auth directory does not exist
[RANGER-756] - LdapTool fails with -r option to retrieve only users/group/all
[RANGER-757] - [LDAP tool] authentication fails if use -d option to search only users
[RANGER-758] - Handle special characters in passwords starting from -r
[RANGER-759] - Fix Ranger Knox SSO logout/session expired issues
[RANGER-760] - Ranger UI code cleanup
[RANGER-761] - Transaction logs not getting generated under audit menu admin tab if policy name is changed
[RANGER-763] - Optimize policy evaluation by reordering match-checks
[RANGER-764] - Kafka plugin: new operation types supported by kafaka plugin should be added to service definition.
[RANGER-765] - Handle logout scenario for knox sso disabled case
[RANGER-767] - Refactor UserGroupSink implementation and consolidate performance improvements
[RANGER-769] - Can't connect to Solr server because of Httpcore issue in HBase
[RANGER-770] - Fix NullPointerException Unit test cases on master branch
[RANGER-771] - 4+ Log entries upon login in in X_AUTH_SESS
[RANGER-772] - Hive plugin: Update Ranger authorizer to mimic changes made by Hive standard authorizer for the case when IMPORT can end up creating a table
[RANGER-773] - Fix newly found Coverity scan issues for Ranger KMS
[RANGER-775] - Annotate classes used in REST API with ignoreUnknown=true for version compatibility
[RANGER-777] - Kafka plugin should build/work with the kafka v0.9 jar with authorization support that have been pushed to public repos
[RANGER-778] - Fix user update issue
[RANGER-779] - Remove unused attributes in RangerPolicyItem
[RANGER-780] - Atlas-Interface: Update Atlas Notification processing to accommodate format changes to qualifiedName attribute
[RANGER-781] - Ranger Kafka Plugin failed to log audit into secure hdfs cluster
[RANGER-784] - Annotate REST API classes to use get/set methods instead of directly accessing fields
[RANGER-787] - Clean up ranger-tagsync configuration; remove unneeded parameters
[RANGER-788] - Ranger Admin should set delegateAdmin=false for tag-based policies
[RANGER-789] - Incorrect policy list paging for non-admin users
[RANGER-791] - Update ranger to work with HiveAuthorizer interface changes
[RANGER-792] - Updates for Atlas API changes in ATLAS-394
[RANGER-793] - Atlas notification dependencies should be included in ranger-tagsync package
[RANGER-794] - Ranger policy engine performance measurement
[RANGER-795] - Ranger admin does not start when SSL is enabled.
[RANGER-796] - Good coding practice: fix issues in updates from RANGER-794
[RANGER-797] - Good coding practice: fix issues in updates from RANGER-789
[RANGER-798] - Handle different timezone issue while saving audit logs to Solr
[RANGER-799] - Ranger UI fixes - partial search not working on Policy listing page
[RANGER-800] - Move Context enricher implementation RangerFileBasedGeolocationProvider out of test into prod
[RANGER-801] - Enable tagsync to run in secure mode.
[RANGER-802] - HBase plugin: Implement the new methods added to MasterObservers Interface and mimic their implementation in Hbase AccessController
[RANGER-804] - Delete groups associated with User causes Exception in UserSync
[RANGER-805] - Update Ranger website FAQs
[RANGER-807] - TagSync should support periodic full sync with Apache Atlas
[RANGER-809] - Audit framework need to cache the getHostName() values to reuse for successive calls
[RANGER-814] - In Ranger Audit using Solr, auto create fields should be single valued
[RANGER-824] - Fix code standards to remove exceptions in pmd ruleset
[RANGER-829] - Root pom specifies incorrect minimum Maven version
[RANGER-831] - Single policy update increases policy history version by 2 - gives error to view history
[RANGER-835] - Authentication bypass in Ranger API
[RANGER-836] - Optimize policy download to plugins - by not including unused fields
[RANGER-838] - Tag-sync should be resilient to Ranger Admin availability
[RANGER-840] - ranger-admin and ranger-usersync does not honour the SSL truststore property
[RANGER-846] - Ranger deviates from Hadoop usernames
[RANGER-847] - Fix code scan issues
[RANGER-849] - Good coding practice: fix potentil Null Pointer dereference
[RANGER-850] - Test test30getPolicyFromEventTime does not fail but it throws an NPE
[RANGER-852] - ArrayOutOfBoundsException can be triggered due to faulty check in UnixUserGroupBuilder
[RANGER-853] - Remove the unused project lookup-client as its contents were moved into individual plugin project since ranger-0.5 release
[RANGER-859] - Allow user to define custom log directory during Ranger installation
[RANGER-863] - Make parameters like maxHttpHeaderSize configurable for EmbeddedServer
[RANGER-864] - RangerPolicy.set(List<?>) methods append to existing value, instead of overwriting
[RANGER-865] - Service delete should delete associated service-resources and tag-resource-maps
[RANGER-870] - PMD build error
[RANGER-872] - Patch validation executed upon submission of a patch - seems failing due to common usage of /tmp folder
[RANGER-875] - Restrict Grantor privileges of Ranger db user for Oracle DB Flavour
[RANGER-878] - Improve error logging and Ranger UI error message when test connection and lookup is done
[RANGER-880] - Good coding practice: inner class to be made static; wait() should be in a loop
[RANGER-882] - Policy engine initialization should handle incorrect values in policies
[RANGER-884] - PMD build error
[RANGER-885] - ClassCastException in SolrClient
[RANGER-886] - RangerSSOAuthenticationFilter needs to accommodate a missing expiration time
[RANGER-887] - Changes needed to convert log4j.xml to log4j.properties
[RANGER-888] - Provide support to delete Users and Groups from Ranger Admin UI
[RANGER-891] - Audit shutdown hook to be registered with Hadoop ShutdownHookManager, instead of directly with Java Runtime
[RANGER-892] - Ranger SOLR plugins should not add dependent libraries to component's CLASSPATH
[RANGER-893] - Ranger ugsync with LDAP is not able to fetch group information
[RANGER-894] - Ranger ldap tool is ignoring OU's from user search base
[RANGER-896] - Add Maria DB support for Ranger and Ranger KMS
[RANGER-899] - Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange" of class org.apache.ranger.rest.UserREST.java
[RANGER-901] - x_service table columns that track policy/tag updates to be moved to a new table
[RANGER-902] - tags that are private to a service-resource should be deleted when service-resource is deleted
[RANGER-903] - optimize updates to resource-tag info
[RANGER-904] - Update create-policy REST API to support override values via query parameters
[RANGER-906] - Knox Ranger Plugin needs addition dependency jar for webhdfs calls to work
[RANGER-907] - Copy + paste error in RangerYarnAuthorizer
[RANGER-910] - Improve db and java patches execution logic to make that more robust
[RANGER-912] - Ranger Admin UI to support datamask & row-filter policies
[RANGER-914] - Where is the download page on the website?
[RANGER-915] - The website needs a more prominent link to the issue tracker
[RANGER-917] - Ranger Hive authorizer to be updated for changes in Hive
[RANGER-918] - Publish Range libraries for plugin development to maven central
[RANGER-920] - Update HBase plugin for changes in the HBase Authorizer interface
[RANGER-921] - Improve implementation of internal SQL calls and make it more generic
[RANGER-926] - Ranger UI validation changes to allow . [dot] in firstname and lastname fields
[RANGER-931] - Fix Ranger Projects pom for name change for artifacts from “org.apache.calcite:calcite-avatica:${calcite.version}” to “org.apache.calcite.avatica:avatica:${avatica.version}”
[RANGER-932] - Fix assemblies after patch for RANGER-839
[RANGER-933] - Services landing page restricts the listing to first 25 services only
[RANGER-934] - Ranger should use released version of EclipseLink
[RANGER-935] - Persistence.xml file should have mapping of all Entity classes
[RANGER-939] - Update to use Storm version 1.0.0
[RANGER-940] - Add null check for ranger.ks.hsm.enabled property
[RANGER-941] - Getting Access denied page while creating kms service on Ranger UI
[RANGER-942] - TagSync deployment in environments without Atlas
[RANGER-945] - SaveVersion python script in ranger-util not working
[RANGER-951] - Modify ranger-admin to put stackdef for specified components
[RANGER-952] - Tagadmin user name should be configurable in tagsync module
[RANGER-954] - Compilation fix due to HIVE change (HIVE-13424)
[RANGER-955] - TagSync should be updated to process ENTITY_DELETE notification
[RANGER-957] - Modify ranger kms to use service identity (from service keytab) to download policies from ranger admin
[RANGER-960] - Service-def update does not preserve the order in which permissions are listed
[RANGER-962] - Ranger plugin should have an option to use X-Forwarded-For address
[RANGER-963] - Ranger UI : Search tagService filter(API) is not working on service create/update page
[RANGER-964] - Fix NOTICE and LICENSE file contents
[RANGER-965] - Validate Audit DB to Solr Migration script from any previous version to 0.6 upgrade
[RANGER-968] - Remove email validation to allow syncing users from a file
[RANGER-969] - Property ranger.usersync.filesource.text.delimiter mis-spelled
[RANGER-971] - RangerPolicyEvaluator Cache key needs to include resource-def-name
[RANGER-972] - Default value for tagsync to retry tag upload to ranger is too small
[RANGER-973] - Kerberos : Ranger Admin to perform Key operations using Principal / keytab of RangerAdmin from UI
[RANGER-974] - Allow users to move policy items in create / edit Policy screen
[RANGER-975] - Rename ranger log file from xa_portal.log to ranger_admin.log
[RANGER-976] - Update tagsync packaging to include Kafka libraries
[RANGER-977] - Ranger KMS default policies should include hdfs & hive
[RANGER-981] - Change session cookie name from JSESSIONID to RANGERADMINSESSIONID
[RANGER-982] - Review/update name of default policies in a new service instance
[RANGER-984] - Ranger Admin Install fails with "022-split-service-table.sql Import failed!"
[RANGER-989] - java.lang.NoClassDefFoundError: org/apache/commons/httpclient/URIException during user sync
[RANGER-990] - Automate setting Proxy User in Ranger KMS
[RANGER-991] - Ranger should support authorization for Apache Atlas
[RANGER-992] - create_dbversion_catalog.sql DB schema import failed
[RANGER-993] - [Row Filter & colum masking] issues with auditing of colum masking and row filter
[RANGER-994] - Ranger Support for Audit to Secure Solr
[RANGER-995] - Implement good coding practices
[RANGER-996] - The PolicyRefresher doesn't cache policies if the directory doesn't already exist
[RANGER-997] - Improve Policy Listing performance on Reports page having more than 1000 policies
[RANGER-998] - Trim policy name in create/update policy request
[RANGER-999] - Delete Module REST API is failing as it is not removing assigned users and groups
[RANGER-1000] - Tag service deletion failure due to MySQLIntegrityConstraintViolationException
[RANGER-1003] - Handle Ranger upgrade scenario in Kerberized Cluster
[RANGER-1004] - Remove need to set access type for column masking, row filtering in Ranger UI
[RANGER-1008] - if one of OU is invalid out of multiple ou configured then no user syncd from any of the OU
[RANGER-1009] - Ranger returns stale service/policies if service-name is reused
[RANGER-1010] - Make 2 sso properties non-configurable in Ranger
[RANGER-1011] - User's Group name attribute in Ranger Usersync LDAP configuration must be optional
[RANGER-1012] - Ranger ldap tool stores the admin bind password in config file in clear text
[RANGER-1013] - Move some properties from ranger-admin-site.xml to ranger-admin-default-site.xml
[RANGER-1014] - Ranger UI : Show allow/deny policy items info on Report page
[RANGER-1015] - Ranger KMS changes to cater to hadoop kms commits
[RANGER-1016] - Display resourceType field under the Audit -> Access tab
[RANGER-1017] - Audit to Secure Solr needs Solrj Jars from apache to be included in package
[RANGER-1018] - Ranger User creation failing with SQLAnywhere and MS SQL Server DB Flavor
[RANGER-1019] - Audit to secure solr needs httpclient dependency library 4.5.2 version
[RANGER-1020] - Remove (old) Calcite dependency
[RANGER-1021] - Ranger plugins for components should only download policies which are in 'Enabled' state
[RANGER-1022] - Audit summary statistics (such as event_count, event_dur_ms) are not persisted when audit destination is RDBMS
[RANGER-1023] - Handle requests from non-kerberized browser when Ranger is kerberized
[RANGER-1024] - Improve implementation of java patch PatchPersmissionModel_J10003 to handle large amount of users
[RANGER-1025] - Policy search REST API implemented in public api V1 is not returning results as expected
[RANGER-1026] - Ranger service to generate PID
[RANGER-1027] - Packaging changes for Ranger Atlas Plugin
[RANGER-1028] - Audit log not created for change of Tag based service name
[RANGER-1029] - Update Ranger to support Kafka version 0.10.0.0
[RANGER-1030] - Update Ranger to support Kafka version 0.10.0.0
[RANGER-1032] - Update TagSync installation to handle configurations for kerberos mode
[RANGER-1033] - admin audit logging is not happening correctly while deletion of the configuration from the service repo
[RANGER-1034] - Ranger KMS plugin should not add dependent libraries in Ranger KMS classpath
[RANGER-1035] - Improve implementation of Client classes to adhere to good coding practices
[RANGER-1036] - Solr Jaas config for ranger audit framework should not override the component Jaas config.
[RANGER-1037] - REST API for tag download returns incorrect return code
[RANGER-1038] - Usersync process is not syncing users from AD at intervals based on sleeptimeinmillisbetweensynccycle
[RANGER-1039] - User and groups having special characters are not populating in edit policy page
[RANGER-1040] - Add unique key constraint on user_name column of x_user table
[RANGER-1041] - Failure to sync one user to admin causes other users/groups also not to be synced from usersync to admin
[RANGER-1042] - Reduce clutter in tagsync debug log
[RANGER-1043] - Update tagsync for changes in ATLAS-542 - table.name -> table.qualifiedName
[RANGER-1045] - Ranger should provide support to force use inmemory jaas config when auditing to secure solr
[RANGER-1046] - ranger kms repo creation is failing after ranger kms is installed
[RANGER-1047] - Getting 204 error when trying to access Ranger with KnoxSSO if user does not exist in Ranger DB
[RANGER-1048] - Ranger Hbase lookup should use the config provided in the Ranger hbase service
[RANGER-1052] - Remove or Fix all skipped unit tests in RANGER
[RANGER-1053] - policy download fails with HTTP code 401 for long running components in kerberized cluster
[RANGER-1057] - Ambari configuration for ranger-tagsync needs to support ranger.tagsync.source.atlasrest.keystore.filename property
[RANGER-1058] - Ambari configuration for ranger-tagsync needs to support property for atlas keystore filename
[RANGER-1059] - updatetagadminpassword.py script should use user names from ranger-tagsync-site
[RANGER-1060] - Ranger Hbase and Hive Plugin Grant Revoke REST call should send the right http response when authorization fails in kerberized cluster
[RANGER-1061] - Add admin user to default policy of Atlas
[RANGER-1062] - Remove conflicting jars from Ranger Atlas plugin
[RANGER-1063] - Increase size of sort_order column of x_policy_item_user_perm and x_policy_item_group_perm table
[RANGER-1064] - Incorrect value specified for atlas.kafka.security.protocol property for manual kerberized tagsync installation
[RANGER-1067] - admin audit logging is not correct when add and delete the configuration from the service repo.
[RANGER-1068] - Issue with ranger admin restart and pid generation
[RANGER-1069] - if a user permissions are removed from a policy through revoke operation then also users is shown
[RANGER-1070] - Export table should be allowed only when masking or row-filtering are not specified
[RANGER-1071] - Ranger Storm Plugin should package codehaus.jackson libs as part of dependent jar
[RANGER-1072] - Add slf4j libraries and its dependencies for Ranger Atlas plugin
[RANGER-1073] - permission denied for rangeradmin.jceks.crc file
[RANGER-1074] - grant and revoke are working even if user is not added to auth properties in repo
[RANGER-1077] - Audit logs for Hive access show empty IP address
[RANGER-1078] - grant and revoke are not working as expected
[RANGER-1079] - tagsync should attempt re-initializing failed tag sources periodically
[RANGER-1080] - even if service creation is failed then also 200 Respons is returned
[RANGER-1082] - Ranger should support newer Storm Topology methods in the Ranger Storm Plugin for Authorization
[RANGER-1083] - Ranger PolicyRefresh and RangerTagEnricher threads should be of daemon type
[RANGER-1084] - Ranger not working with Knox Proxy
[RANGER-1085] - Ranger UI : policy creation validation error
[RANGER-1086] - Under Audit>Admin tab pop up for service create and update does not work
[RANGER-1087] - Block insert/update/delete/truncate when row-filter/column-mask is enabled for the user
[RANGER-1088] - denied auditing is not done if resource lookup fail
[RANGER-1089] - KMS] kms.log file gets bigger
[RANGER-1092] - Ranger YARN Plugin should not fails to download policy when UGI ticket expires
[RANGER-1098] - for hive and hbase two properties are present policy.grantrevoke.auth.users & policy.grant.revoke.auth.users </ul>

Improvement
- [RANGER-274] - Add support for TAG based policies
- [RANGER-647] - Add PAM Support
- [RANGER-648] - Provide a way to clean-up old policy-engine and related resources.
- [RANGER-669] - Ranger doc several typos in FAQ
- [RANGER-684] - Ranger Usersync - Add Ability to transform user/group names
- [RANGER-691] - Ranger Admin shouldn't expect users to be sync'ed for authentication
- [RANGER-699] - higher level policy API to hide complexity of policy update/create/delete
- [RANGER-722] - StartTLS support for Ranger
- [RANGER-746] - Ranger Admin: Add wildcard, multiple CN & SAN support when validating plugins' SSL certs
- [RANGER-749] - Ranger KMS to support multiple KMS instances with keys across multiple clusters
- [RANGER-776] - Write sql patch to create Ranger user 'rangertagsync' for all DB
- [RANGER-815] - In Solr managed-schema, we should set default for event_count and seq_num
- [RANGER-818] - Fix XML indentation in pom files
- [RANGER-819] - Allow pasting into password fields in Ranger web UI
- [RANGER-822] - Add PMD maven plugin to keep source code analyzer run as part of verify process
- [RANGER-827] - Use system supplied mechanism to get users and groups on unix
- [RANGER-828] - Bump up Apache parent plugin version + fix scm tag value
- [RANGER-832] - Bump plugin versions
- [RANGER-833] - In Ranger UI add support for usernames containing a plus "+" symbol
- [RANGER-839] - Update httpcomponent dependencies
- [RANGER-842] - Allow PAM for authentication
- [RANGER-845] - Replace StringBuffer with StringBuilder
- [RANGER-857] - Unify (and update) Tomcat versions
- [RANGER-889] - Policy engine API to find list of users/groups having access to a resource
- [RANGER-897] - Change Apache DS tests to run on a random port
- [RANGER-898] - Change Ranger's default value for LDAP User / Group Sync Case Conversion properties to "none"
- [RANGER-913] - Improvements on Reports page in Ranger Admin
- [RANGER-922] - Adding debug statement to identify build issue in build.apache.org
- [RANGER-936] - Some junit related improvements
- [RANGER-938] - Add NiFi service definition and NiFiClient
- [RANGER-946] - Ranger UI : Add policy type filter to report page
- [RANGER-948] - Cleanup test dependencies
- [RANGER-949] - Some agents improvements
- [RANGER-967] - Allow additional characters in username
- [RANGER-970] - Ranger Usersync - Add Ability to transform user/group names to file source
- [RANGER-978] - Usersync: Remove creation of default email address
- [RANGER-985] - Support download csv in Reports page as enhancement
- [RANGER-1005] - Add command line utility to change Ranger user password
- [RANGER-1051] - Fall back to getting groups from user UGI in HBase plugin
- [RANGER-1054] - Enhance column masking feature to support custom value/expression
- [RANGER-1055] - Enhance column masking feature to support custom value/expression
- [RANGER-1056] - Update to Hive 2.1.0
- [RANGER-1065] - Need to change default audit retentions in Solr 3 months and do some performance tuning
- [RANGER-1081] - Remove "Get Cluster Info / Get Nimbus Conf" from Admin UI permission list for Storm
New Feature
- [RANGER-526] - Provide REST API to change user role
- [RANGER-652] - LDAP configuration tool
- [RANGER-666] - Ranger to support Azure SQL Database
- [RANGER-685] - Ranger Admin - Add Ability to Authenticate with Knox SSO provider
- [RANGER-686] - Allow specifying keytabs in Ranger repositories
- [RANGER-712] - Create a new project which can serve as a template to write ranger extensions
- [RANGER-803] - Support multiple OU in LDAP search for Ranger usersync
- [RANGER-867] - Add Kerberos support for ranger admin and clients
- [RANGER-868] - Ranger-KMS - Luna HSM Integration
- [RANGER-869] - Group Based search support for ranger usersync
- [RANGER-873] - Ranger Policy model to support data masking
- [RANGER-900] - Remove support for DB based auditing
- [RANGER-908] - Ranger policy model to support row-filtering
- [RANGER-909] - Ranger Hive plugin to support row-filtering
Task
- [RANGER-582] - How to create Service/Repo in RangerAdmin
- [RANGER-597] - Troubleshooting UserSync in Ranger
- [RANGER-806] - Ranger cli utility to delete users from Ranger DB
- [RANGER-823] - Update the version number to 0.6.0 on the maven pom.xml files
- [RANGER-881] - How to add Ranger authorization for an application? Sample
- [RANGER-895] - Ranger Hive plugin to support column-masking
- [RANGER-923] - Modify the current version to 0.6.0-SNAPSHOT instead of 0.6.0 (since it is not released yet)
- [RANGER-959] - Update doc site with contributor list - based on JIRA system
- [RANGER-966] - Add Apache licenses for .py files
- [RANGER-1093] - Release Ranger 0.6.0
Test
- [RANGER-762] - Unit test for hive tag-policy fails
- [RANGER-816] - Add unit tests for file-based tag enricher
- [RANGER-830] - Unit test for verifying behaviour of "Exclude" setting in the Ranger Policy
- [RANGER-841] - Remove deprecated junit.framework dependencies
- [RANGER-1006] - Add tests for the HDFS plugin
- [RANGER-1031] - Add tests for the HIVE plugin
Wish
- [RANGER-626] - Hdfs use in not showing in ranger console

No labels