Ranger
This release provides Ranger 0.7.0 and the following Apache patches:
RANGER-1805: Code improvement to follow best practices in js.
RANGER-1937: Ranger tagsync should process ENTITY_CREATE notification, to support Atlas import feature
RANGER-1960: Take snapshot's table name into consideration for deletion.
RANGER-1982: Error Improvement for Analytics Metric of Ranger Admin and Ranger KMS.
RANGER-1984: Hbase audit log records may not show all tags associated with accessed column.
RANGER-1988: Fix insecure randomness.
RANGER-1990: Add One-way SSL MySQL support in Ranger Admin.
RANGER-2006: Fix problems detected by static code analysis in ranger usersync for ldap sync source.
RANGER-2008: Policy evaluation is failing for multiline policy conditions.
HDP 2.6.4 provided Ranger 0.7.0 and the following Apache patches:
RANGER-1880: TagSync update to process TRAIT_UPDATE notification from Atlas.
RANGER-1883: TagSync should reuse kerberos ticket in REST calls to Ranger Admin.
RANGER-1897: tagsync update to replace Atlas V1 API usage with Atlas V2 API for tag-download using REST.
HDP 2.6.3 provided Ranger 0.7.0 and the following Apache patches:
RANGER-1176: Ranger admin does not allow to create / update a policy with only delegate admin permission.
RANGER-1402: NPE if there is a problem with the HiveClient driverClassName.
RANGER-1403: There is a problem in buildks class when delete invalid keystore file.
RANGER-1408: When the error occurs, the system does not record the error message in RangerServiceService class.
RANGER-1415: The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar...
RANGER-1427: Remove a lot of not used code - found because Boolean.getBoolean must be wrong.
RANGER-1505: Remove KeyProtector code in KMS.
RANGER-1632: Users are not sync'd when sAMAccountName is different than CN associated with groups.
RANGER-1674: IMPORT START audit is not appearing on audit page.
RANGER-1676: Policy Details popup from Access audit page not displaying details of masking policy.
RANGER-1682: Clicking on export service after session timeout gets stuck indefinitely.
RANGER-1697: Update NiFi service def + handle upgrade scenario for the same.
RANGER-1705: Good coding practice in Ranger recommended by static code analysis.
RANGER-1715: 'repl dump <database>.<table>' failed to authorize in Ranger.
RANGER-1715: Enhance Ranger Hive Plugin to support authorization on Hive replication Tasks.
RANGER-1717: User with KEYADMIN role is not able to see Audit => Admin logs.
RANGER-1724: On Report listing page for masking/row filter policies show only mask/row filter conditions.
RANGER-1726: User are not getting deleted when Knox proxy is Enabled.
RANGER-1727: Ranger allows user to change an external user's password with 'null' old password.
RANGER-1730: Utility script that will list the users with a given role.
RANGER-1735: Support representing nested group memberships in Ranger Admin.
RANGER-1736: Good coding practice in Ranger recommended by static code analysis.
RANGER-1747: LDAP paged results resets to 500 after fetching first page of results.
RANGER-1748: User is unable to update existing policy while importing policy from file.
RANGER-1754: correcting group deletion message.
RANGER-1756: Handle role related restrictions for users having User role.
RANGER-1765: Add unique key constraint in x_group and x_group_users table.
RANGER-1771: Improve performance of merging lists of policyEvaluators returned by Trie.
RANGER-1779: last resource gets duplicated during update policy if policy is created through public api rest call.
RANGER-1783: Update XUserREST for listing users.
RANGER-1786: Need warning on external user role change.
RANGER-1787: User has to fill up all the allow and deny conditions items to create a knox policy.
RANGER-1788: Install Ranger admin failure.
RANGER-1795: Service should not be renamed if tagged service resources exist for it unless 'forceRename=true' option is specified.
RANGER-1797: Ranger - Upgrade Tomcat version.
RANGER-1800: Usersync fails to update users and groups during incremental sync with nested groups and group first search enabled.
RANGER-1801: group user mapping updates to ranger admin fail when the mapping is already existed in ranger DB.
RANGER-1806: Good coding practice in Ranger recommended by static code analysis.
RANGER-1817: Audit to Solr fails to log when the number of columns are in large number.
RANGER-1818: Good coding practice in Ranger recommended by static code analysis.
RANGER-1819: Not able to delete group that is having special character(ampersand) from ranger admin.
RANGER-1820: Address Ranger DB consolidated SQL script inconsistency.
RANGER-1820: Duplicate entries should be deleted before creation of unique index on x_group and x_group_users table.
RANGER-1825: Ranger Tagsync start is failing.
RANGER-1826: Import of bulk policies is causing OOM and Apparent Deadlock.
RANGER-1832: Export REST API should return exact matching results if polResource param is provided.
RANGER-1834: row filter policies are not being returned by policy search.
RANGER-1838: Refactor Jisql dependencies.
RANGER-1841: Audit log record for 'use dbName' hive command contains large number of tags.
RANGER-1843: Tag enricher performance improvement in identifying tags for resource being accessed.
RANGER-1851: Providing authorization for Hive query kill API (RMP-9474).
RANGER-1853: Masking functions based on custom masking of string types fails to unescape quotes properly.
HDP 2.6.2 provided Ranger 0.7.0 and the following Apache patches:
RANGER-1402: NPE if there is a problem with the HiveClient driverClassName.
RANGER-1403: There is a problem in buildks class when delete invalid keystore file.
RANGER-1408: When the error occurs, the system does not record the error message in RangerServiceService class.
RANGER-1446: Ranger Solr Plugin does not work when the collection list in the request is empty.
RANGER-1489: Solr plugin fails to get client address.
RANGER-1491: Add Ability in Usersync to automatically assign ADMIN/KEYADMIN role in Ranger for external users.
RANGER-1492: UI updates to support tag-based masking policies.
RANGER-1493: Policy engine updates to support tag-based datamasking and rowfiltering policies.
RANGER-1494: Policy engine updates to support tag-based masking policies.
RANGER-1494: Tag service-def updates to support masking and row-filter policies.
RANGER-1501: Audit Flush to HDFS does not actually cause the audit logs to be flushed to HDFS.
RANGER-1502: Solr shutdown does not cause the audit log file to be flushed and closed.
RANGER-1505: Remove KeyProtector code in KMS.
RANGER-1555: Ranger UI Audit Menu-> Admin tab diff view pop-up does not come up..
RANGER-1580: Update Kafka tests to work with 0.10.1.1.
RANGER-1582: Support KNOX SSO Token based authentication on Ranger REST API calls.
RANGER-1628: Good coding practice suggested by static code analysis.
RANGER-1638: Atlas metadata server start failure.
RANGER-1638: Improve the password validation from Ranger API.
RANGER-1639: Ranger KMS should validate key name before importing into DB.
RANGER-1642: Policies listed on 2nd page and onwards of Policy Landing page don't reflect any edits on them.
RANGER-1647: Allow Ranger policy conditions to use tag attributes and values in Ranger.
RANGER-1648: Ranger Kafka Plugin now should use the Short name from Kafka Session Object.
RANGER-1649: Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism.
RANGER-1651: Improve Ranger and Ranger KMS REST API documentation.
RANGER-1653: Proxying Ranger UI does not work with Ranger-KnoxSSO.
RANGER-1658: Solr gives NPE while printing the AuthorizationContext in INFO and DEBUG log.
RANGER-1661: Default Ranger HDFS policy resource path is wrong.
RANGER-1665: provide a way to get list of policies associated with given resource.
RANGER-1666: Ranger UI should consider recursiveSupported attribute value at each resource level to Store the Policy.
RANGER-1670: Change in Atlas Kafka consumer interface for Atlas tag sync.
RANGER-1679: Export Policy not working when Knox proxy is Enabled..
RANGER-1689: Enabling recursive policy only for relativepath in WASB servicedef.
RANGER-1695: Optimize Ranger code for authorization of HDFS 'getContentSummary' and 'delete' commands.
RANGER-1696: Request to get all policies for hive or hbase service-type does not include policies that apply to specific child resource.
RANGER-1708: Remove tag services from service type and service name filters under Access Audit..
RANGER-1714: Disable dynamic sorting of policies when trie pre-filter is enabled.
RANGER-1715: Enhance Ranger Hive Plugin to support authorization on Hive replication Tasks.
RANGER-1737: Fixed RANGER-1181 by providing correct set of parameters to Hdfs Native Authorizer in case of fall-back.
HDP 2.6.1 provided Ranger 0.7.0 and the following Apache patches:
RANGER-1436: Disable, by default, deny policies with ranger.servicedef.enableDenyAndExceptionsInPolicies config parameter.
RANGER-1436: Turn Ranger Deny Policy & Except Conditions block to On by default .
RANGER-1475: reducing the highest time stamp value to pick all the users syncd during sync cycle.
RANGER-1490: Increase size of sort_order column of x_policy_resource_map.
RANGER-1531: Good coding practice while parsing XML documents in Ranger.
RANGER-1546: Code Improvement To Follow Best Practices.
RANGER-1548: Ranger needs better error messages when Ambari Infra is off.
RANGER-1550: HDFS test connection and resource lookup failing.
RANGER-1612: When servicedef is accessed, def_options property "enableDenyAndExceptionsInPolicies" is returned as "false" if there is no value set for it.
HDP 2.6.0 provided Ranger 0.7.0 and the following Apache patches:
RANGER-1378: Update MySQL Schema to fix issues related to only_full_group_by restriction of MySQL 5.7 version..
RANGER-1383: Use resource matchers for filtering service policies.
RANGER-1392: Hive test connection is failing even if jdbc.url configured is correct to 2.6-maint.
RANGER-1392: Revert "RANGER-1392: Hive test connection is failing even if jdbc.url configured is correct to 2.6-maint".
RANGER-1401: Add consolidated db schema script for SQLServer DB flavor.
RANGER-1405: groups are not shown if exact user name is passed in search filter.
RANGER-1406: Audit spoolfile not getting created when ranger service user didn't have permission to log into Solr.
RANGER-1407: Service update transaction log is not generated in some cases.
RANGER-1409: User role get deleted from table when he tries to update his role to a restricted role.
RANGER-1413: Fix issues uncovered by static code analysis.
RANGER-1413: Good coding practice in Ranger recommended by static code analysis.
RANGER-1417: Ranger Upgrade is failing for Oracle DB flavor.
RANGER-1422: Ranger Knox Plugin audit doesn't have the access type populated.
RANGER-1428: In certain scenario user data contains junk email-id.
RANGER-1434: Enable Group Search First causes issues when Enable Group Sync is disabled - 2.6-maint branch.
RANGER-1435: Allow different files to be specified for unix based usersync - 2.6-maint.
RANGER-1435: fixed minor issue of resource filenames from previous commit.
RANGER-1440: Improve install script to retry failing statements.
RANGER-1448: Change of import / export icons on Ranger UI.
RANGER-1453: Ranger KMS failed to start with Exception] : More than one Master Key exists.
RANGER-1459: Ranger update policy API is failing on Postgres / Oracle for case sensitive ACLs.
RANGER-1477: 'show databases' fails with access-denied when user doesn't have access to some of the databases.