Fixed Issues in Apache Ranger

Review the list of Ranger issues that are resolved in Cloudera Runtime 7.2.15.

CDPD-39317: Updated atlas default audit filter to avoid auditing for atlas read-entity by nifi service user.
This issue is now resolved.
CDPD-38668: S3 plugin reports the result of the evaluation of S3 access policies differently than HDFS plugin. The fix is to change the handling of the result of base-plugin's policy evaluation result so that it works in all cases.
This issue is now resolved.
CDPD-36327: Enabled HDFS or cloud storage auditing for the Kafka Connect Ranger plugin.
This issue is now resolved.
CDPD-35742: Change display messages in policy form items.
This issue is now resolved.
CDPD-35631: Fixed role update operation issue for role admin user (A non admin user should be able to update the role if user is role admin).
This issue is now resolved.
CDPD-35204: Flagged based enhancement enables to transform/update username using user-mapping file provided at the time sentry migration using authzmigrator tool.
This issue is now resolved.
CDPD-35073: Upgrade jquery-ui 1.12 to 1.13.0+ due to CVEs.
This issue is now resolved.
CDPD-35073: Flagged based enhancement enables to create S3 policy for Hive warehouse location at the time of sentry migration.
This issue is now resolved.
CDPD-34762: User/group/tags/resource attributes should be easily accessible in condition expressions, with expressions like: USER.state == 'CA' UG['test'].dept == 'MKTG' REQ.accessType == 'SELECT' RES.database == 'hr' RES.table == 'employee' TAG._type == 'PII' TAG.attr1 == 'value1' TAGS.PII.attr1 == 'value1' TNAMES.length == 2 TNAMES.indexOf('PCI') != -1
This issue is now resolved.
CDPD-34750: This change is to add the support for retry for policies download, ugsync, tagsync.
This issue is now resolved.
CDPD-34723: Policy engine evaluates policies in the following order: priority, has-deny, has-no-deny. When multiple policies have same priority/has-deny/has-no-deny, the ordering is not deterministic. This doesn't impact the result for access policies - as all denies will be evaluated before allows. However, the result for masking/row-filter can vary when multiple policies exists for a given resource, and these policies define different mask/filter for a given user/group/role.
Given name of a policy is unique within a service, using policy name as the secondary sorting key will result in deterministic evaluation order. This issue is now resolved.
CDPD-34057: Updated Ranger db setup to support Mysql DB versions from and above version 8.0.
This issue is now resolved.
CDPD-34023: Chmod and Chown will honor the ranger policy in both with fallback enabled as well as disabled. Workaround is to have the parent directory RX permission in HDFS for the failing folders/files.
This issue is now resolved.
CDPD-33058: Resolve UI side regression for rendering resources.
This issue is now resolved.
CDPD-32975: Storm library version in Ranger upgraded to fix the CVE.
This issue is now resolved.
CDPD-32974: kylin library version in Ranger upgraded to fix the CVE.
This issue is now resolved.
CDPD-32879: Added a config "ranger-rms.max.requested.notifications" to limit the size of requested notifications during the delta-sync. Setting the config value < 1 or > 50000; the default value will be treated as maxRequestedNotifications=50000. The default value for MAX_REQUESTED_NOTIFICATIONS is 50000. This fix includes the bugs: handleDeltaSync loop runs infinite when it tries to fetch notifications in batch and Full-sync does not reset last_known_version=-1 in x_rms_mapping_provider table.
This issue is now resolved.
CDPD-32874: Improvement in load permission edit page with more number of users and groups data.Added lazy loading for that.
This issue is now resolved.
CDPD-31780: This change is to integrate/certify the Ranger DB KMS with GCP.
This issue is now resolved.
CDPD-31358: During the upgrade this change will update the existing solr policies to fit with new resource and permission types.
This issue is now resolved.
CDPD-31357: Click on the policy resource field that time all available resource options are listed down.
This issue is now resolved.
CDPD-31127: Upgrade netty to 4.1.68+.
This issue is now resolved.
CDPD-28944: Newly created tag/value in policy resources field displayed with "Create" tag.
This issue is now resolved.
CDPD-28752: Provided sorting on specific columns on policy and on audit listing page.
This issue is now resolved.
CDPD-26846: User who wishes to configure custom cipher suite can add a custom property ranger.usersync.https.ssl.enabled.cipher.suites with comma separated value of required ciphers and restart Ranger Usersync.
This issue is now resolved.
CDPD-26334: Fixed tooltip hit for a better user understanding.
This issue is now resolved.
CDPD-22073: While adding value to policy resources, if resource lookup fails then it doesn't show any indication to the user for resource lookup fail.
When this issue occurs, a notification is displayed. This issue is now resolved.
CDPD-16420: Added pause/play button to notification popup.
This issue is now resolved.

Apache Patch Information

  • RANGER-3725
  • RANGER-3691
  • RANGER-3699
  • RANGER-3690
  • RANGER-3675
  • RANGER-3665
  • RANGER-3659
  • RANGER-3509
  • RANGER-3290
  • RANGER-3661
  • RANGER-3600
  • RANGER-3642
  • RANGER-3617
  • RANGER-3609
  • RANGER-3606
  • RANGER-3605
  • RANGER-3586
  • RANGER-3567
  • RANGER-3610
  • RANGER-3550
  • RANGER-3508
  • RANGER-3565
  • RANGER-3620
  • RANGER-3526
  • RANGER-3613
  • RANGER-3647
  • RANGER-3592
  • RANGER-3591
  • RANGER-3577
  • RANGER-3638
  • RANGER-3603
  • RANGER-3568
  • RANGER-3552
  • RANGER-3539
  • RANGER-3569
  • RANGER-3629
  • RANGER-3649
  • RANGER-3520
  • RANGER-3485
  • RANGER-3459
  • RANGER-3427
  • RANGER-3403
  • RANGER-3667
  • RANGER-3533
  • RANGER-3673
  • RANGER-3660
  • RANGER-3630
  • RANGER-3594
  • RANGER-3576
  • RANGER-3666
  • RANGER-3662