Apache Ranger 2.0.0 - Release Notes - Ranger - Apache Software Foundation
DUE TO SPAM, SIGN-UP IS DISABLED. Goto
Selfserve wiki signup
and request an account.
Ranger
Blog
Pages
Space shortcuts
File lists
Page tree
Browse pages
tachments (0)
Page History
Resolved comments
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Copy Page Tree
Jira links
Apache Ranger 2.0.0 - Release Notes
Created by
Velmurugan Periasamy
, last modified on
Sep 20, 2019
Release Notes - Ranger - Version 2.0.0
New Feature
RANGER-2049
] - Support doAs in Ranger Admin Portal / REST API
RANGER-2170
] - Ranger supports plugin to enable, monitor and manage Elasticsearch
RANGER-2209
] - Service Definition for ABFS to support Ranger Authorization
RANGER-2232
] - Security Zones feature in Apache Ranger
RANGER-2281
] - Support Trusted Proxy in ranger
RANGER-2325
] - Implement ranger plugin for Ozone
RANGER-2331
] - Ranger-KMS - KeySecure HSM Integration
RANGER-2354
] - Add custom condition at policy level
RANGER-2414
] - Enhancements to support roles in Ranger policies
RANGER-2425
] - Enhance ranger hive plugin to support sql role commands
RANGER-2443
] - Ranger UI support for access via Knox Trusted Proxy
Improvement
RANGER-1715
] - Enhance Ranger Hive Plugin to support authorization on Hive replication Tasks
RANGER-1851
] - Enhance Ranger Hive Plugin to support authorization for KILL QUERY command
RANGER-1935
] - Upgrade Ranger to support Apache Hadoop 3.0.0
RANGER-1958
] - [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
RANGER-1978
] - Upgrade Jackson Databind to 2.8.11
RANGER-2093
] - RangerHiveAuthorizer showPrivileges should show Hive Objects ACLs from Ranger
RANGER-2140
] - Upgrade spring and guava libraries
RANGER-2148
] - Update Ranger Hive dependency version to 3.0
RANGER-2151
] - Update Ranger Hbase dependency version to 2.0
RANGER-2153
] - Supply the function of reverting policy history version.
RANGER-2157
] - Add NiFi Registry service definition and NiFiRegistryClient
RANGER-2158
] - Performance improvement to REST API call to update policies
RANGER-2161
] - Improvement in policy screen permission item's
RANGER-2162
] - Upgrade c3p0 libraries
RANGER-2164
] - Ranger to add default altlas policy for rangertagsync user.
RANGER-2167
] - Upgrade to Apache parent pom version 20
RANGER-2168
] - Add service admin user through service config
RANGER-2169
] - Create unique index on service and name column of x_policy table
RANGER-2172
] - Good coding practices for unix authentication Service in Ranger
RANGER-2173
] - Optimize Trie constuction and Policy lookup
RANGER-2177
] - Handle validations for duplicate configuration item during service create/edit
RANGER-2181
] - Code Improvement To Follow Best Practices
RANGER-2184
] - Update RangerAtlas authorization to authorize add/update/remove of relationships
RANGER-2188
] - Support multiple threads to build Trie and on-lookup post-setup for Trie nodes
RANGER-2191
] - Update ranger-tool with new options to control Trie
RANGER-2203
] - Review and update database schema for ranger policies to minimize database queries/updates
RANGER-2207
] - Allow resources to appear in column mask policies without being visible in access policies
RANGER-2208
] - Code improvement to fetch User/Group information and Service Config details
RANGER-2210
] - Ranger support for Apache Kafka 2.0.0
RANGER-2212
] - Add multiple urls tips for the ‘Kylin URL’ configuration item when creating the kylin-plugin service
RANGER-2214
] - Do some code improvement for the error message for KylinClient.java
RANGER-2216
] - Ranger Audit UI lacks the feature to search the audits using Policy Id
RANGER-2218
] - Service-Definition update should not allow updates to names of resources, access-types, conditions or data-masks
RANGER-2221
] - Apache Ranger Kafka authorizer should support new resource "DelegationToken" in Apache Kafka 2.0.0 version
RANGER-2222
] - Apache RangerKafkaPlugin support to handle Kafka Cluster as a new resource
RANGER-2231
] - Upgrade to Knox 1.1.0
RANGER-2237
] - Upgrade Kylin version to 2.5.0
RANGER-2239
] - Update to surefire 2.21.0
RANGER-2243
] - Provide option to ranger builds to specifically build a single plugin
RANGER-2251
] - Need to provide options for making java heap size memory configurable in Ranger services
RANGER-2257
] - Add policyID to error message when click the Access log of Audit
RANGER-2258
] - Improve the policy list page to prompt users when the service is disabled
RANGER-2265
] - To make the profile "all" to be active by default when ranger build
RANGER-2266
] - To make Id to ID in Audit Pages of Ranger Admin
RANGER-2267
] - Add a icon to differentiate the status of the service
RANGER-2268
] - Optimize policy and tags migration to new schema
RANGER-2279
] - Reduce the time spent changing passwords during Ranger Admin install
RANGER-2286
] - Ranger install may be prevented by leftover DB entry
RANGER-2287
] - Improve and optimize db_setup.py file code
RANGER-2291
] - Make optimized db schema script idempotent for all DB Flavors
RANGER-2295
] - Set specific Ranger version in patches status entry table
RANGER-2296
] - Enhance Ranger Audit framework to have security zone in the audit
RANGER-2303
] - Add kylin-plugin infomation to README.txt
RANGER-2309
] - Improve group search on policy edit page.
RANGER-2314
] - Do some code improvement for the error message in SqoopClient.java
RANGER-2317
] - Enable compilation on JDK11
RANGER-2322
] - Use "TLS" in SSLContext.getInstance
RANGER-2324
] - Bootstrapping Solr in Ranger service start-up
RANGER-2330
] - Ensure that policy/resource based searches are security-zone aware
RANGER-2332
] - Update Grant/Revoke API access after Security zone feature
RANGER-2340
] - Add Policy Version to the Ranger Audit log
RANGER-2341
] - Support for Incremental policy updates to improve performance of ranger-admin and plugins by optimal building of policy-engine
RANGER-2345
] - Upgrade Apache Solr version to 7.7.0 or later
RANGER-2349
] - Provide an API to download policies and tags
RANGER-2351
] - Implement Import / Export of Policies by Zone
RANGER-2353
] - Upgrade Apache Thrift Java client library to 0.12.0
RANGER-2357
] - Improvement on getServices API
RANGER-2374
] - Add refresh access type to allow sharing policies between Hive and Impala
RANGER-2377
] - Make solr bootstrapping configurable
RANGER-2379
] - Support for associating a tag service with security zone and relevant authorization logic
RANGER-2382
] - Improvement to Access Audit page-Add ‘agentHostname’ column to audit log table, which records IP-address/hostname of the plugin
RANGER-2385
] - Improvement to Audit page -> Plugin status tab
RANGER-2386
] - Code duplication due to RangerCredentialProvider.getCredentialString returns char[]
RANGER-2387
] - add public api v2 for security zones
RANGER-2389
] - Ranger Hive Plugin enhancement for KILL query and Replication commands authorization
RANGER-2390
] - Ranger should add service admin privilege support for hive service objects - LLAP command sets
RANGER-2391
] - Ranger authorization for ADD, COMPILE and CREATE TEMPORARY UDF operation in Hive
RANGER-2392
] - Create / Update zone to have provision to associate Tag based service with zone
RANGER-2394
] - Filter/exclude multiple users in audit search
RANGER-2395
] - Add presto plugin
RANGER-2407
] - [Best Practices] Update/Remove default header values sent from Ranger
RANGER-2408
] - Restrict Ranger User's capabilities according to their role
RANGER-2420
] - Ranger spends 36% of CPU in ObjectMapper
RANGER-2424
] - Track and display application id of service generating access audit on access audit page
RANGER-2427
] - Tag policies are not evaluated if no security zones are configured
RANGER-2431
] - Upgrade Atlas version to 2.0.0
RANGER-2432
] - Upgrade Hadoop Version to 3.1.1
RANGER-2435
] - Add support for sticky breadcrumbs.
RANGER-2436
] - Custom condition: Access from cluster
RANGER-2446
] - Suggestion - Include security zone details as part of admin audit for policy update
RANGER-2454
] - Remove the trailing slash in Ranger URL in RangerAdminJersey2RESTClient
RANGER-2458
] - Cluster property name changes in Ranger Plugin code
RANGER-2464
] - Upgrade spring, zookeeper, c3p0, jackson-databind, tomcat libraries
RANGER-2465
] - Create a PolicyCondition to apply if all given tags are present for the accessed resource
RANGER-2466
] - Improvement in setting cluster Name in RangerAccessRequest
RANGER-2467
] - similar to clusterName custom condition, add clusterType custom condition.
RANGER-2468
] - Upgrade jQuery version in Ranger.
RANGER-2475
] - Replacing bootstrap accordion with jquery SlideToggle.
RANGER-2481
] - Create a tag service when a resource service is created and link it to resource service
RANGER-2482
] - Ranger: use Solr API to upload config set (during bootstrapping)
RANGER-2484
] - Improve import API to merge the policies if resources are exactly same
RANGER-2489
] - Missing dependencies in assembly for Presto plugin
RANGER-2490
] - Add https support while using Solr API to upload config set
RANGER-2494
] - Ranger Custom PolicyCondition for TagsNotPresent and AnyTagPresent
RANGER-2496
] - Update Spring Security version to 4.2.13
RANGER-2498
] - Improvement to plugin status tab.
RANGER-2503
] - Ranger Import API should be able to override an existing policy
RANGER-2506
] - Add cluster name in plugin status tab.
RANGER-2507
] - Support for policy to implicitly deny all accesses not explicitly allowed by it
RANGER-2508
] - Good coding practices for concurrent policy label creation
RANGER-2515
] - add .gitignore for project plugin-presto and ranger-presto-plugin-shim
RANGER-2517
] - UI changes for policy to implicitly deny all accesses not explicitly allowed by it.
RANGER-2523
] - Ranger Admin debug config improvement
Bug
RANGER-1644
] - Change the default Crypt Algo to use stronger cryptographic algo.
RANGER-1738
] - RangerYarnAuthorizer not compatible with Hadoop-3.0.0
RANGER-1951
] - build problems with the saveVersion.py script
RANGER-1955
] - Wrong quoting in Ranger SQL install scripts
RANGER-2112
] - Ranger KMS broken with JDK 8 update 171
RANGER-2114
] - Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'content' at row 1
RANGER-2152
] - Incorrect debugging information in RangerPluginClassLoader.java
RANGER-2155
] - Ranger Tagsync fails to Authenticate to Atlas when Tag Source set to AtlasRest in Kerberos environment
RANGER-2160
] - 'Email Address' search is not working properly along with other filter in user listing page,userRoles filters also needs to be improved.
RANGER-2165
] - Address JPA Cache issue when policies Create, Update and Delete are done via REST API in Apache Ranger admin
RANGER-2166
] - A ClassNotFound exception is thrown with atlasrest as a tag source
RANGER-2180
] - Handle token replacement correctly when token is not defined in the request context
RANGER-2182
] - Handle upgrade scenario since atlas-service def is added with new resources for relationship
RANGER-2183
] - Use INodeAttribute information to authorize HDFS access
RANGER-2186
] - Increment service-specific policy and tag versions after update transaction is committed
RANGER-2187
] - External Group search fails on Ranger UI when installed with postgres
RANGER-2189
] - Atlas service default policies should allow relationship operations for all
RANGER-2193
] - Form validation during testconnection should be consistent with service creation/editing
RANGER-2195
] - TagPolicy not working due to failure in updating tag policy version
RANGER-2196
] - Ensure that any explicit threads used by Ranger are marked as daemon threads
RANGER-2197
] - Delegate Admin is not able to create policy
RANGER-2201
] - Log no ranger audits when entityId value is not null or empty string
RANGER-2204
] - Ranger Admin's admin log event for changing Audit Logging of a policy doesn't show the actual changes
RANGER-2213
] - Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.90.
RANGER-2215
] - Can't copy and paste multiple paths into Ranger Admin UI for HDFS create policy
RANGER-2220
] - Admin UI loads slowly because of many small JavaScript files
RANGER-2224
] - 'drop temporary function
RANGER-2229
] - Perform graceful terminate with retries before doing forceful kill for usersync and tagsync
RANGER-2234
] - Cannot add or update a child row,a foreign key constraint fails when installing ranger-admin
RANGER-2235
] - Modify the login session detail page as a modal.
RANGER-2238
] - String comparison should not use ‘==’ in ServiceUtil.java
RANGER-2241
] - Fix release build scripts to conform to latest Apache release guidelines - Part 2 - Remove sha1 and mds
RANGER-2242
] - JiSQL utility is failing Oracle UDF
RANGER-2244
] - Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.91 or later.
RANGER-2245
] - Exclude Jetty libraries
RANGER-2247
] - Ranger Plugin for HDFS throws StringIndexOutOfBounds exception when policy resource is "\"
RANGER-2248
] - Sorting does not work in AbstractPredicateUtil.java
RANGER-2250
] - Service configs fields are not showing for atlas service form page
RANGER-2252
] - Permission "Kafka Admin" should not be part of Topic resource in Ranger Kafka resource definition
RANGER-2262
] - Improvement of export to excel from report listing page for Oracle database.
RANGER-2263
] - Remove unnecessary explicit dependency for apache commons compress jar in Ranger
RANGER-2264
] - Kafka default policies for new resources are not showing up in UI when upgrade is done from older version
RANGER-2269
] - Implement best coding practices for validating user input
RANGER-2270
] - Restrict tag module access to unprivileged users
RANGER-2272
] - Ensure that case of resource-definition names and access-type names in Ranger policy is the same as in service-definition after successful validation
RANGER-2273
] - Allow service admin and delegated admin user to view list of users and groups though they have 'USER' role
RANGER-2275
] - Make db_setup retry delay configurable
RANGER-2276
] - Email Address should be verified when Add New User in Ranger Admin
RANGER-2277
] - Kylin repository config missing "Common Name for Certificate"
RANGER-2278
] - Unable to delete user if he has references in new ref tables.
RANGER-2280
] - The emptyText of User Sync and Plugin Status should be reasonable
RANGER-2282
] - The error message for changing password is incorrect in User Profile page.
RANGER-2283
] - User is getting total count of groups even if he is assigned to one group due to which pagination is breaking
RANGER-2284
] - Unable to build image using docker
RANGER-2288
] - Sqoop repository config missing "Common Name for Certificate"
RANGER-2289
] - Unable to get Audit Admin tab page.
RANGER-2292
] - Test case fix for RANGER-2276
RANGER-2294
] - Front-end and back-end email address regular expression should be the same
RANGER-2297
] - getContentSummary validation failure
RANGER-2298
] - Modify JAVA_VERSION_REQUIRED to 1.8 in install.properties
RANGER-2299
] - Modify the permissions of the kms install.properties file to 700
RANGER-2304
] - Need to add property dfs.permissions.ContentSummary.subAccess when enabling Ranger HDFS plugin manually
RANGER-2305
] - When Audit spooling to local filesystem is enabled, log files of the component have show a wrong error message
RANGER-2306
] - Knox Plugin doesn't pass X-Forwarded-for remote address to Ranger
RANGER-2307
] - Native code can segfault or return misleading error messages
RANGER-2311
] - After the user profile is updated, the page still displays the original information.
RANGER-2313
] - tagsync fails to authenticate with ranger in kerberized cluster when using ranger-tagsync-update.sh script
RANGER-2316
] - Incorrect path in Quick State Guide at
RANGER-2318
] - Incorrect git url on the homepage
RANGER-2321
] - Docker build fails due to PhantomJS dependency
RANGER-2326
] - zoneName field is getting added with type "boolean" in Ranger Solr schema
RANGER-2327
] - Update Ranger db schema to use common sequence name
RANGER-2328
] - Time-based policies do not work correctly if access time is not set in the authorization request
RANGER-2333
] - Logs does not get generated for Zone Description field available on Security Zone page.
RANGER-2334
] - Audits: filter out service audit logs and additional users logs from user audit logs
RANGER-2335
] - Overlapping of 'include' toggle button on policy create/edit page.
RANGER-2336
] - Ranger HBase plugin should pack guava lib as a dependency.
RANGER-2337
] - Context-Enrichers need to clean up completely when the policy-engine is destroyed
RANGER-2339
] - UI changes for User role users should also have access to Security Zone
RANGER-2342
] - Exclude jackson jaxrs library from ranger-admin packaging
RANGER-2343
] - Evaluate tag policies in the same security zone as accessed resource
RANGER-2344
] - Ranger HBase Test failure due to Mini HBase cluster start up issue.
RANGER-2347
] - Restrict capabilities of security zone administrator and auditor
RANGER-2350
] - Ranger UI: Clicking on zone edit Breadcrumb redirect to 404 page not found
RANGER-2352
] - Ranger installation is failing for Oracle and Postgres DB
RANGER-2355
] - Reports page: policy listing to have column of Zone name
RANGER-2356
] - External user's email address can be edited
RANGER-2359
] - Show zone association with tag based service.
RANGER-2367
] - Hive "show grants" when Ranger is authorizer should show permission details from Ranger
RANGER-2371
] - Security Zone policies do not work correctly when incremental policy updates are enabled
RANGER-2372
] - Remove non-existing URL entries from spring config file
RANGER-2373
] - User creation POST and PUT response not showing groupIdList and groupNameList with expected data
RANGER-2375
] - RangerAuthContext is not correctly initialized
RANGER-2376
] - Ranger Plugin ClassLoader Doesn't Restore Thread ClassLoader
RANGER-2381
] - Failed to refresh policies when servicename contains space
RANGER-2383
] - Incorrect response when trying to delete user attached to a security zone
RANGER-2384
] - Get All Zones API is returning response in raw format,proper response object is required.
RANGER-2396
] - Inconsistency in policy operations in a disabled Ranger service
RANGER-2397
] - HiveServer2 fails to start with Hive Plugin for Ranger
RANGER-2399
] - User's listing page hits users API call twice from UI
RANGER-2400
] - policy name needs to be unique within security zone and service
RANGER-2401
] - Ranger Secuity Zone needs to be added in audit type filter in admin audit
RANGER-2403
] - proper error should be thrown when service part of zone being deleted
RANGER-2404
] - Delegate-admin permission granted by policy needs to be effective only within the zone to which the policy belongs
RANGER-2405
] - Evaluation of Ranger policies targeted to valid but partial resources
RANGER-2406
] - rangerusersync open too many session for ldap sync
RANGER-2409
] - Policy level condition sample matcher initialization issue
RANGER-2411
] - Restrict Admin role user to create Zone for KMS service
RANGER-2412
] - Policy Condition Evaluators existing and newly created should work in both policy level and policy item level
RANGER-2413
] - Python script to update rangertagsync config properties
RANGER-2415
] - Value of isExcludes flag needs to be considered when matching accessed resource to Ranger policy
RANGER-2417
] - Set Atlas Entity owner to RangerAccessResource ownerUser attribute for Atlas Ranger Plugin
RANGER-2419
] - Improve sql script to skip statements when atlas service def is not supported
RANGER-2421
] - Solr audit fails in Atlas plugin
RANGER-2423
] - Ranger KnoxSSO authentication in Ranger HA environment
RANGER-2430
] - Zoneadmin User is able to create policy for those services which is not associated to zone
RANGER-2434
] - Remove dependency from com.google.common.base.Objects or MoreObjects
RANGER-2437
] - Update grant/revoke error message to provide more information about the principal type
RANGER-2438
] - Legacy PublicAPI REST API to get all policies fails
RANGER-2439
] - Unable to view policy details from access audits when policy has policy condition at policy level
RANGER-2444
] - Admin logs are not getting generated when "policy level" policy condition is updated
RANGER-2445
] - Import of Tag based policies for zone
RANGER-2449
] - if service part of zone is not present then null pointer exception is thrown
RANGER-2451
] - Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.
RANGER-2453
] - Tag data-masking policy should allow only one tag as resource
RANGER-2455
] - When service created inside a zone landing page that service gets created in unzonned landing page.
RANGER-2456
] - Upgrade of Ranger Admin to the current version fails in PatchForKafkaServiceDefUpdate_J10025
RANGER-2459
] - [E] ranger_core_db_mysql.sql file import failed!
RANGER-2463
] - Ranger admin authorization audits fails intermittently to fetch from Solr
RANGER-2469
] - java.lang.IllegalArgumentException: More than one fragment with the name during Ranger start after RANGER-2464
RANGER-2473
] - Upgrade of Ranger Admin to the current version fails in PatchForAtlasResourceAndAccessTypeUpdate_J10016
RANGER-2474
] - Policy version and details in access audits wrong when deny condition added to policy
RANGER-2478
] - Exception in thread "main" java.lang.NoClassDefFoundError: com/google/common/base/Preconditions
RANGER-2479
] - Change test connection preferred SQL statement for Oracle DB Flavor
RANGER-2480
] - Hive URL Policy doesn't match if recursive flag is on for the url resource
RANGER-2485
] - Security zone filter is causing Ranger audit access request waiting for longer
RANGER-2487
] - Resource policy names with a characters that are typically HTML escaped mutate and grow as they are saved.
RANGER-2493
] - Ranger takes long time to delete a service with many policies
RANGER-2500
] - Zone Policies not getting imported when 'updateIfExists=true' is passed through curl.
RANGER-2502
] - Presto plugin insert bug
RANGER-2509
] - Add validation message for Importing non JSON file on import action.
RANGER-2511
] - default tag based service is getting created for the tag based service
RANGER-2513
] - Unable to delete user if he has references in new ref tables.
RANGER-2514
] - Search field validation prompt is inconsistent with field names in audit page
RANGER-2516
] - Update Ranger default policies to provide entity-read access to public group
RANGER-2518
] - Allow service creator to delete the service
RANGER-2519
] - Import policy may fail if a policy exists with same guid in another service
RANGER-2520
] - Prevent Roles to be saved in Ranger Role Management page when user or groups are not added to the role
Test
RANGER-2150
] - Unit test coverage for XUserMgr and UserMgr class
RANGER-2171
] - Unit Test cases to cover policy operations from service admin user
Wish
RANGER-2255
] - Add JavaScript unit tests
RANGER-2319
] - Remove deprecated phantomjs NPM package
Task
RANGER-2198
] - Remove deprecated client API from HBase plugin
RANGER-2226
] - Define explicit (test) dependency on json-smart in the Knox agent
RANGER-2256
] - Grammatical error in UI
RANGER-2422
] - Zone Admin and Zone Auditor can see only its associated audit access log
RANGER-2452
] - Release Ranger 2.0.0
Sub-task
RANGER-2175
] - Write install guide for Ranger Elasticsearch plugin RANGER-2170
RANGER-2219
] - De-normalize schema for storing tags and related objects
RANGER-2260
] - Atlas servicedef version change patch should update atlas access type def for tag def also.
RANGER-2274
] - Allow delegated admin user to view list of users and groups though they have 'USER' role
RANGER-2293
] - Create and update ref tables for security zone data
RANGER-2310
] - Record admin audits in Ranger during Create, Update and Delete operations on Zone
RANGER-2320
] - Make db schema patches script idempotent for all DB Flavors
RANGER-2402
] - Best Practices: Make db schema script idempotent
RANGER-2429
] - Ranger KMS is not starting properly
RANGER-2477
] - Ranger KnoxSSO authentication when X-Forwarded-Host header is not forwarded
No labels
Overview
Content Tools
Atlassian Confluence Open Source Project License
granted to Apache Software Foundation.
Evaluate Confluence today
Atlassian Confluence
8.5.31
Printed by Atlassian Confluence 8.5.31
Report a bug
Atlassian News
Atlassian
{"serverDuration": 119, "requestCorrelationId": "8d9cd01cd0b80797"}
US