Behavioral Changes in Apache Ranger

Behavioral changes denote a marked change in behavior from the previously released version to this version of Apache Ranger.

Cloudera Runtime 7.3.2.0

The behavioral changes for Apache Ranger in Cloudera Runtime 7.3.2.0 include all cumulative updates from previous releases (such as 7.3.1.x). This version specifically incorporates changes introduced in Cloudera Runtime 7.3.1.100 through 7.3.1.706 alongside the following functional adjustments. For a complete list, see Behavioral Changes.

Summary:
When enabled, the new column authorization optimization property in the Ranger-HBase plugin changes Ranger audit behavior. There is no behavioral change if the property is disabled.
Previous behavior:

Earlier, there were more audit entries when the service configuration for optimization was not present and, hence, not enabled.

For example, the audit behavior for the hbase ltt -tn multitest -families cf0,cf1 -write 3:2:1 -multiput -num_keys 1 -num_regions_per_server 1 command was as follows:

15 audit entries

New behavior:

Currently, there are fewer audit entries when the service configuration for optimization is enabled.

For example, the audit behavior for the hbase ltt -tn multitest -families cf0,cf1 -write 3:2:1 -multiput -num_keys 1 -num_regions_per_server 1 command is as follows:

2 audit entries (multitest/cf1 and multitest/cf2)

Summary:
The following service configurations are now available in a new location in the Ranger Admin Web UI:
  • Policy Download Users (policy.download.auth.users)
  • Tag Download Users (tag.download.auth.users)
  • Service Admin Users (service.admin.users)
  • Service Admin Groups (service.admin.groups)
  • Superusers (ranger.plugin.super.users)
  • Superuser Groups (ranger.plugin.super.groups)
  • Userstore Download Users (userstore.download.auth.users)
Previous behavior:

Previously, the above service configurations were available under the Add New Custom Configurations section.

New behavior:

Now, the above service configurations are directly available under the Config Properties section. Additionally, the configurations are added as dropdowns, where you can select the users and groups.

Also, after you upgrade to Cloudera Runtime 7.3.2.0 from any previous release, your existing configurations are moved to the Config Properties section with their values.
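One way to confirm that these values came through an upgrade unchanged, shown as an added example that is not Cloudera's or the Ranger project's code: compare the seven keys listed above in a service definition saved before the upgrade and one saved after it. The JSON shape (a service object with a `configs` map of comma-separated strings), the service name `cm_hive`, and all sample values are assumptions constructed for illustration.

```python
import json

# The seven service configurations this page says moved to "Config Properties".
RELOCATED_KEYS = (
    "policy.download.auth.users",
    "tag.download.auth.users",
    "service.admin.users",
    "service.admin.groups",
    "ranger.plugin.super.users",
    "ranger.plugin.super.groups",
    "userstore.download.auth.users",
)

def principals(service, key):
    """Return the users/groups set for a key as a set (order and spacing ignored)."""
    raw = (service.get("configs") or {}).get(key) or ""
    return {p.strip() for p in raw.split(",") if p.strip()}

def compare_relocated(before, after):
    """Map each relocated key whose principals differ to what was lost and gained."""
    findings = {}
    for key in RELOCATED_KEYS:
        old, new = principals(before, key), principals(after, key)
        if old != new:
            findings[key] = {"lost": sorted(old - new), "gained": sorted(new - old)}
    return findings

# Constructed sample exports (assumed shape: a service object with a "configs" map).
BEFORE = json.loads("""{"name": "cm_hive", "configs": {
  "policy.download.auth.users": "hive,impala",
  "ranger.plugin.super.users": "admin, hive",
  "service.admin.groups": "sec-admins"}}""")
AFTER = json.loads("""{"name": "cm_hive", "configs": {
  "policy.download.auth.users": "impala,hive",
  "ranger.plugin.super.users": "admin,hive,etl_svc",
  "service.admin.groups": ""}}""")

if __name__ == "__main__":
    # A "gained" superuser or a "lost" admin group both warrant a manual review.
    for key, diff in compare_relocated(BEFORE, AFTER).items():
        print(f"{key}: lost={diff['lost']} gained={diff['gained']}")
```

Reordered or re-spaced lists compare as equal, so only real membership changes in the superuser, service admin, and download-user settings are reported.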

Summary:

Policy resources in the Ranger Admin UI are being added using React JS instead of Backbone JS.

Previous behavior:

Earlier, with Backbone JS, when you copied and pasted resource values containing commas or spaces (for example, in Hive policy resources: database1, database2), the UI automatically split them into separate values: database1 and database2. The same behavior applied to space-separated values. Because of this, you were not allowed to enter resource names containing commas and spaces, and this limitation affected all service policy resources.

New behavior:

After upgrading from Backbone JS to React JS, this restriction has been removed. Now, React JS treats pasted values with commas or spaces as a single entry. Hence, you can no longer paste multiple values at once; you must manually add each resource value.

Summary:

Hive authorization from Ranger for the Alter Table Rename command does not require the CREATE database permission on the database where the renamed table will be created.

Previous behavior:

Earlier, whenever the Alter Table Rename command was used across databases in Hive, authorization from Ranger required the CREATE database permission for the user on the target database in which the renamed table was created.

New behavior:

Now, whenever the Alter Table Rename command is used across databases in Hive, authorization from Ranger does not check for the CREATE database permission for the user on the target database in which the renamed table will be created.

Summary:

Added support for multiple-column policy creation in Ranger for Grant/Revoke requests.

Previous behavior:

Previously, when a request with multiple columns, such as GRANT SELECT (col1, col2, col3, col4, col5, col6, col7, col8, col9, col10) ON TABLE demo.data5 TO ROLE testrole_09289898, was executed in Impala, it resulted in the creation of a separate grant policy for each column in Ranger.

New behavior:

Now, a Grant request with multiple columns results in the creation of a single policy in Ranger for all the columns. The same is true for a Revoke request.