Apache Ranger 2.2.0 - Release Notes - Ranger - Apache Software Foundation

Apache Ranger 2.2.0 - Release Notes - Ranger - Apache Software Foundation
DUE TO SPAM, SIGN-UP IS DISABLED. Goto
Selfserve wiki signup
and request an account.
Ranger
Blog
Pages
Space shortcuts
File lists
Page tree
Browse pages
tachments (0)
Page History
Resolved comments
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Copy Page Tree
Jira links
Apache Ranger 2.2.0 - Release Notes
Created by
Ramesh Mani
, last modified on
Dec 08, 2021
New Features
RANGER-2640
] -
Implement SHOW ROLE GRANT in Hive ranger plugin
RANGER-3000
] - Audit-filter feature implementation to help reduce volume of audit logs generated
RANGER-3191
] -
Ranger UI for configuring Audit filters.
RANGER-3241
] -
Need feature to make the access log file name configurable
RANGER-3242
] -
Need feature to make the access log file name configurable for user
RANGER-3248
] -
In Ranger Audit collection number of shards should be depending on the number of infra-solr nodes
RANGER-3249
] -
Enhance RangerScriptExecutionContext class to provide APIs for comprehensive tag information
RANGER-3397
] -
Update ACL computation to (optionally) expand Ranger Roles to users and groups and include chained-plugins in ACL computation
Improvements
RANGER-2767
] -
Ranger showing only 100 services in ranger admin ui
RANGER-2910
] - Add kerberos and SSL support for client libraries
RANGER-2937
] - Refresh Ranger's Solr configs
RANGER-2946
] - Ranger UI - third party library version upgrades
RANGER-2950
] - Upgrade Spring framework and Spring Security libraries
RANGER-2972
] - REST api to delete service/ repo using cluster name
RANGER-2983
] - Add HBase users with decrypteek permission in default policy for kms
RANGER-2986
] - Performance improvements for Ranger usersync
RANGER-2995
] - Add 'exclude service users' option in URL param
RANGER-2996
] - Add search by Roles and Auditor user should be able to see "Roles" tab
RANGER-2998
] - API for Ranger KMS service status
RANGER-3001
] - Update Ranger KafkaClient to use Kafka AdminClient API instead of Zookeeper
RANGER-3002
] - Query info popup stuck in Ranger access audits view
RANGER-3006
] - Add cluster name field to service create form
RANGER-3008
] -
Internal API for controlling Trie behavior
RANGER-3011
] -
Code improvement for Audit Access Log Detail popup
RANGER-3012
] -
Dockerfile to support building from local repository
RANGER-3013
] -
Remove minor version of "jna" jar file
RANGER-3017
] -
RangerHiveAuthorizer should authorize URL in Hive tempUDFs operation
RANGER-3020
] -
Normalize naming and processing of config parameters for chained plugin
RANGER-3024
] -
Improve response time and refactor code for GET API /service/xusers/lookup/users
RANGER-3027
] -
Improve response time for GET API service/xusers/users
RANGER-3029
] -
Ranger - Upgrade handlebars 1.3.0 to 4.6.0
RANGER-3044
] -
User is not able to change the password from user profile page
RANGER-3050
] -
Password can not be changed in User Profile page
RANGER-3056
] -
Show Audit ID in Audit->Access tab
RANGER-3057
] -
Support Audit search based on Audit ID
RANGER-3065
] -
RangerServiceResource model object needs to be enhanced to store/track any additional information about the resource
RANGER-3067
] -
Schema changes to improve performance of chained plugin feature
RANGER-3076
] -
[New UI] if service side bar expanded then include/exclude toggle button in hive policy gets shrink
RANGER-3078
] -
Supporting import policy based on PolicyName, ServiceName and ZoneName
RANGER-3087
] -
Making db_setup.py fool-proof and robust
RANGER-3091
] -
Upgrade solr version in Ranger to Solr 8.6.3
RANGER-3096
] -
Upgrade to Kafka 2.5 with kafka_2.12 artifact in Ranger
RANGER-3103
] -
Ranger KMS should log full UGI principal
RANGER-3105
] -
Upgrade Ranger Tomcat to 8.5
RANGER-3109
] -
Ranger Access audit improvements
RANGER-3118
] -
Upgrade jackson to 2.11.3
RANGER-3119
] -
Upgrade to slf4j 1.7.30
RANGER-3120
] -
[Ranger Latest UI] Long tag based service names are not shown correctly
RANGER-3122
] -
Support delegate-admin for specific permissions
RANGER-3130
] -
[Ranger Admin UI] Improvement in Ranger Latest UI's Edit Policy Page
RANGER-3131
] -
Remove some warnings in Maven build output
RANGER-3147
] -
enhance resource-trie to enable finding evaluators for a given resource and its children
RANGER-3153
] -
Upgrade to TLS to version 1.2 and above
RANGER-3157
] -
Improvements for audit details page part-2
RANGER-3168
] -
User/Auditor should have read-only access for Servicedef via PublicAPIsv2 API
RANGER-3185
] -
Docker setup to run Ranger enabled HiveServer2
RANGER-3186
] -
[Ranger Access Audit Improvement]Changes done from one user, persists for other users as well.
RANGER-3192
] -
Use read-write locks for managing access to policy-engine and tag-repository
RANGER-3196
] -
Docker setup to cache archives to avoid repeated downloads
RANGER-3200
] -
Ranger KMS - Upgrade api-i18n jar from 1.0.0-M20 to 1.0.2+
RANGER-3201
] -
Ranger KMS - Upgrade api-i18n jar from 1.0.0-M20 to 1.0.2+
RANGER-3202
] - Ranger KMS - Upgrade api-i18n jar from 1.0.0-M20 to 1.0.2+
RANGER-3206
] -
Enhance db_setup.py to allow reading env variables set in ranger-admin-env scripts
RANGER-3207
] -
Graceful handling of invalid usernames for usersync
RANGER-3209
- Upgrade netty-all.version 4.1.49.Final to 4.1.60.Final
RANGER-3210
] -
Upgrade Tomcat to 8.5.63+
RANGER-3212
] -
Java client: Support for SSL, kerberos and packaging
RANGER-3213
] -
Ranger - Upgrade to velocity 2.3
RANGER-3214
] -
Configure default audit filters when ranger repo is created
RANGER-3223
] -
Documentation of Ranger Java Client
RANGER-3227
] -
Get Exception when visit result of RangerClient.findRoles()
RANGER-3228
] -
Improvement in audit filter feature
RANGER-3239
] -
Ranger : Add checkbox for default audit filters on Service Creation page
RANGER-3240
] -
Show Latest Response from Server on all pages of Ranger UI
RANGER-3246
] -
Upgrade netty-all version to 4.1.61.Final +
RANGER-3247
] -
[UI-improvement] Ranger admin audit log does not show service/repo name in the policy operation
RANGER-3250
] -
Add relevant indexes to database table to speed up ingress processing of tagged entities
RANGER-3251
] -
[Ranger Audit Filters UI] Tag, KMS service not showing the audit filters in UI section
RANGER-3052
- Cannot search by object name in page /reports/audit/admin
RANGER-3253
] -
Make incremental policy change computation more resilient
RANGER-3254
] -
sync source changes when same group is present in different sync source
RANGER-3284
] -
Simplify processing of tasks scheduled to execute after current transaction is completed
RANGER-3285
] -
expose user source details in ranger UI
RANGER-3287
] -
Improve Tagsync authentication error reporting
RANGER-3293
] -
Show user source details on user tab in ranger UI.
RANGER-3295
] -
Update Ranger Policy Engine capability matrix
RANGER-3305
] -
Service version update improvements
RANGER-3306
] -
Allow comma in policy resource text field.
RANGER-3308
] -
Create python script to test stability of policy CRUD
RANGER-3309
] -
Support batch upload of tags to Ranger
RANGER-3324
] -
Make optimised db schema script idempotent for all DB Flavors.
RANGER-3328
] -
RANGER-KMS : code improvement
RANGER-3334
] -
Enhance Ranger admin REST Client to use cookie for policy, tag and role download
RANGER-3339
] -
Make Ranger Solr audit collection storage configurable
RANGER-3347
] -
Add default policy for hbase user in hdfs services
RANGER-3349
] -
Handling multiple grant role command for same user
RANGER-3357
] -
Ranger HivePlugin Authorization for a new Hive operation
RANGER-3358
] -
Ranger - Upgrade Tomcat to 8.5.69
RANGER-3360
] -
Best Practice: Use updated policy object after pruning the policy object
RANGER-3361
] -
Ranger Admin : Improve error message while deleting users and groups associated with role.
RANGER-3362
] -
UI Improvements
RANGER-3363
] -
Support Session Inactivity Timeout for Ranger
RANGER-3371
] -
Update algorithm to build Ranger policy-database object from Ranger policy-view object
RANGER-3374
] -
Syncing 300K+ user group mappings to ranger is causing ranger to go out of memory
RANGER-3376
] -
Add policy_guid column in x_policy_change_log table
RANGER-3381
] -
Upgrade to junit 4.13.1
RANGER-3384
] -
Metric Get API add input validation
RANGER-3388
] -
Session Inactivity Timeout: Ranger UI part
RANGER-3396
] -
RangerPolicyItemRowFilterInfo::toString() method shows "RangerPolicyItemDataMaskInfo" as class name
RANGER-3447
] -
Ranger startup optimization: reduce number of DB queries to read service-defs
Bugs
RANGER-2940
] - Added code to update user roles when group memberships are changed with AD/LDAP incremental sync
RANGER-2981
] -
Unwanted popup display on Security Zone Tab
RANGER-2985
] - User with all permission in ranger is not able to update volume
RANGER-2987
] - Remove unused ratis jars in ranger admin packaging for ozone plugin
RANGER-2988
] - Role Name Search filter is not available on policy listing page
RANGER-2991
] - Ranger should close solrclient connection
RANGER-2997
] - Ranger usersync role assignment issues
RANGER-3002
] - Query info popup stuck in Ranger access audits view
RANGER-3007
] - Ozone & Ranger Upgrade: Not able to access volume after Upgrade
RANGER-3014
] - Revert
RANGER-2789 GET API service/xusers/users turns very slow when there are more than 1000 users
RANGER-3021
] -
RangerRole Version update is not in correct format in an upgraded cluster
RANGER-3034
] -
Remove cached policies in plugin if the service is deleted in Ranger admin
RANGER-3037
] -
Import policy API is not returning proper response in case pre authorization fails
RANGER-3038
] -
Group memberships not getting updated to ranger
RANGER-3058
] -
create table fails when ViewDFS(client side HDFS mounting fs) mount points are targeting to Ozone/S3 FS
RANGER-3060
] -
Maven build failing due to PMD violations
RANGER-3061
] -
Default configuration error when enable ssl for ranger admin
RANGER-3062
] -
Even after removing ‘Security Zone’ permission for an user, UI still shows ‘Security Zone’ tab
RANGER-3064
] -
Make policy API consistent with the UI behavior for keyadmin role
RANGER-3068
] -
Ranger Usersync is not handling error during initialization process
RANGER-3070
] -
Add Support for using {OWNER} placeholder in Ozone Ranger Plugin
RANGER-3071
] -
Supporting character set which is not included in latin1
RANGER-3073
] -
Incorrect UI hint message for password validation in FIPS environment
RANGER-3074
] -
Fix build issues
RANGER-3079
] -
Fix build failures for ranger-2.2 branch
RANGER-3083
] -
denyAllElse policy does not handle access request with access-type of '_any'
RANGER-3084
] -
Ranger database connection fails when postgres is SSL enabled & postgresql-42.2.14 driver jar is used
RANGER-3088
] -
Build tagged-resource-cache using memory optimization flags identical to policy-cache
RANGER-3090
] -
KMS setup.sh fails due to blank property value of ranger.ks.db.ssl.certificateFile
RANGER-3093
] -
Add required libraries to ranger-tools to ensure that perftester scripts run correctly
RANGER-3094
] -
Ranger HDFS audit not capturing the correct path for write rename operations
RANGER-3095
] -
not able to list the keys with a user whose id contains non latin character
RANGER-3098
] -
Updates to validity period of tag are not reflected in Ranger database
RANGER-3101
] -
Ranger usersync not recovering from initial errors in subsequent syncs
RANGER-3104
] -
Ranger Hive policy with nested Roles failed to authorize request
RANGER-3107
] -
Optimize memory requirements for storing Tag/Policy/Zone trie - Trade-off processing time for memory
RANGER-3112
] -
Ranger usersync unit test cases are failing on mac
RANGER-3117
] -
Need feature to capture URL of a particular instance of audit event
RANGER-3121
] -
HBase list command authorization issue in Ranger
RANGER-3124
] -
Search filter with user name having non latin character is not working on Audit>>Access tab
RANGER-3129
] -
Python client uses incorrect default value assignment for method parameters
RANGER-3134
] -
Remove global JAAS Configuration for Ranger auditing to SOLR
RANGER-3140
] -
Ranger ShutdownHook hook to be called in RangerHBaseCoprocessor preShutdown apis for a clean shutdown of HBase
RANGER-3143
] -
Ranger usersync, user group mapping for user deletion is not syncing up, if only one user is present in the group
RANGER-3149
] -
Adding exisitng policy check for PatchForKafkaServiceDefUpdate_J10033
RANGER-3156
]  -
RangerResouceTrie.add() and RangerResourceTrie.delete() do not work correctly for the resources containing wildcards
RANGER-3159
]  -
Having any permission on hbase tables should allow listing of tables
RANGER-3163
] -
Ranger Database deadlock when Service creation and user sync are running parallel
RANGER-3169
] -
Ranger Usersync config for keystore type and truststore type for LDAPS are not effective
RANGER-3171
] -
Ranger ui became broken after logout in Firefox
RANGER-3172
] -
Patch to migrate old policy to use new Policy Ref table
RANGER-3175
] -
Add back the support to provide option to retrieve users from group member attribute
RANGER-3178
] -
Fix spurious full policy/tag downloads when incremental policy/tag updates are enabled
RANGER-3187
] -
Roles download failed in Ranger after upgrade
RANGER-3190
] -
Skip python unit tests if requests library not present
RANGER-3194
] -
Ranger Access Audits page not loading
RANGER-3199
] -
illegal reflective access operation warning in KMS catalina.out logs
RANGER-3203
] -
Add back the support to provide option to retrieve groups from user memberof attribute
RANGER-3205
] -
Policy Item not render in report page
RANGER-3207
] -
Graceful handling of invalid usernames for usersync
RANGER-3208
] -
NPE in Ranger policy engine when processing SELF_OR_CHILD scoped search
RANGER-3218
] -
User getting denied even after having tag based policy
RANGER-3220
] -
Zone name is not getting populated for tag based policy.
RANGER-3224
] -
Not able to delete security-zone
RANGER-3229
] -
Correct Kafka default policy item for all-delegation token and rangerlookup user
RANGER-3233
] -
Ranger Kafka Plugin changes to get the UGI from Kafka client JAAS config instead of Subject from Kafka LoginManager
RANGER-3234
] -
Ranger db patch no 045 is failing for oracle db.
RANGER-3235
] -
Remove hive-exec dependency from Ranger audit frame work
RANGER-3238
] -
Incorrect response for 'ranger_metric denyconditions' in Collect Diagnostic Data
RANGER-3252
] -
Inconsistent behavior in Ranger Role authorization with in same hive beeline session
RANGER-3259
] -
[Ranger Audit Filter] Ranger role is allowed to delete, even if its used in audit filters
RANGER-3260
] -
Update default hdfs audit filters to filter out unwanted audits
RANGER-3261
] -
Remove unused .htaccess file from component
RANGER-3262
] -
Ranger group memberships are not working for LDAP sync
RANGER-3263
] -
libthrift 0.14.x exclude tomcat-embed-core from dependency
RANGER-3264
] -
[Solr Ranger Plugin] Add support/Fix Test connection with Solr service
RANGER-3266
] -
Solr inter-node communication not working after enabling Ranger
RANGER-3268
] -
Ranger Audit filter should filter audits that are created by Hive Role command operations
RANGER-3272
] -
Zone tag policies are getting deleted when zone is updated
RANGER-3275
] -
Need to update solr-config.xml in the ranger-audits collection config-set
RANGER-3277
]-
Number of users/groups marked for delete are not shown in logs
RANGER-3280
]-
Ensure that the policy/tag versions gets correctly updated for every change to service/policy/tag
RANGER-3286
] -
Oracle upgrade fails with oracle: SQLSyntaxErrorException in 052-add-unique-constraint-on-change-logs
RANGER-3288
] -
Ranger Audit Filters doesn't filter hdfs read operation when filter is set to not audit read
RANGER-3291
] -
NPE in BasePlugin if the first policy download contains no policies and no policy-deltas
RANGER-3292
[ -
Fix ConcurrentModificationException from RangerTransactionSynchronizationAdapter
RANGER-3294
] -
AccessResult attribute with isAudited as false not filtered in Ranger Audit Filter
RANGER-3297
] -
Internal user is not marked as external after the user sync source details are changed
RANGER-3301
] -
[UI] in admin audit log tables not formatted correctly for long string value for resources.
RANGER-3304
] -
Create solr audit conf zip archive
RANGER-3311
] -
Ranger Usersync not retrying failed updates for unix or file sync source
RANGER-3312
] -
Role is getting removed from policy when user present in that policy is deleted
RANGER-3320
] -
ranger tags are not added for when tagging identically named database/tables in two different Ranger services
RANGER-3322
] -
remove grant of public synonym privileges for oracle db
RANGER-3323
] -
Ranger Hive Table lookup is not working
RANGER-3325
] -
Roles information not present in the Excel and CSV files which are downloaded from Reports page
RANGER-3333
] -
Ozone Ranger Audits are not showing up in Ranger Admin UI for "om" service user
RANGER-3336
] -
All policies are exported, when searching reports using roles
RANGER-3337
] -
Ranger policy not taking effect with HDFS Snapshots
RANGER-3338
] -
Masking and Row filter policy are getting exported from report page when Policy type=Access
RANGER-3341
] -
External user's role creation may fail in certain version of MariaDB
RANGER-3343
] -
Ranger policy cache is incorrect in some scenario
RANGER-3344
] -
Ranger Admin fails to start with java.lang.NoClassDefFoundError: org/apache/htrace/core/Tracer$Builder
RANGER-3345
] -
Default Ranger policy for KMS should include "om" user for Ozone bucket level encryption to work
RANGER-3350
] -
Ranger HivePluginAuthorizer SHOW CURRENT ROLES not fetching the role set in current hive beeline session
RANGER-3351
] -
Incorrect hive query displayed for grant and revoke role command
RANGER-3353
] -
Show roles is not listing all roles
RANGER-3355
] -
Ranger Admin : Update the current logging mechanism to use custom log4j conf
RANGER-3366
] -
Cluster type is missed in copy constructor of RangerAccessRequestImpl
RANGER-3367
] -
[Intermittent] Ranger Admin perf logs are not getting logged after Spring Security upgrade
RANGER-3372
] -
Issue in policies search on report page with user having more than one unix group
RANGER-3385
] -
Duplicate SQL prefix should not be allowed
RANGER-3387
] -
Ranger Admin Header Validation
RANGER-3398
] -
Duplicate JAVA patch suffix should not be allowed
RANGER-3404
] - user with no permissions can access and edit delegate admin only policies
RANGER-3419
] -  compressDeltas method returns two ranger policy entries for policy create+update case when provided lastKnownVersion is previous to create call
RANGER-3441
] -
PropertiesUtil (Admin) logging potentially sensitive data
RANGER-3446
] -
log4j initialization failure in docker setup
[RANGER-3455
] -
[Logout-Ranger] Should either be disabled/ should redirect to knox logout page
RANGER-3462
] -
User with delegated admin permission on a resource cannot fetch policy for the resource
RANGER-3480
] -
Policy version in access audit is not matching with the policy version seen in policy view
RANGER-3481
] -
Incremental policy updates do not work correctly for multiple security zones
RANGER-3489
] -
Add htrace-core.jar as dependency for various Ranger Plugins
No labels
Overview
Content Tools
Atlassian Confluence Open Source Project License
granted to Apache Software Foundation.
Evaluate Confluence today
Atlassian Confluence
8.5.31
Printed by Atlassian Confluence 8.5.31
Report a bug
Atlassian News
Atlassian
{"serverDuration": 123, "requestCorrelationId": "510e8e93f846a47d"}