基準

代表的な事例

JIRA

Summary

外部仕様の変更

コマンド仕様の変更（注1）

RANGER-2510

Support for Incremental tag updates to improve performance

RANGER-2528

Export API to get zone, unzone as well as tag based policies from Ranger.

RANGER-2536

Ranger Hive authorizer enhancement to enable Hive policies based on resource owners

RANGER-2580

RangerPolicy.getServiceType API should return name of the service-type

RANGER-2597

Allow auditor role user to get details of services and policies from public API

RANGER-2603

Delegate Admin processing incorrectly giving policy access to user - due to owner

RANGER-2613

Public API for listing roles needs to return a Java list of RangerRole objects

RANGER-2624

Issue downloading Ranger Roles in non-kerberized cluster

RANGER-2626

Block unauthenticated access to Ranger REST endpoints in kerberized environment

RANGER-2642

Grant/Revoke REST invocations by non-service users should not specify resource owner

RANGER-2650

Public group should not be given access to all kafka resources in default ranger policies

RANGER-2674

Allow service admins to manage tag policies

RANGER-2712

Revisit privileges for rangerlookup user in default policies

RANGER-2881

Delegate Admin user having role "user" able to create policy which has non-existing users/groups

RANGER-2885

Add missing PermType Java codes for new versions of Kafka

RANGER-785

Ranger plugins should support a formal notion of super user

オプションの内容／値の変更／省略値の変更（注2）

RANGER-2539

Create Default Policies for Hive Databases -default, Information_schema

RANGER-2690

Default service display name is not getting set for Tag service

RANGER-2695

Default displayName for ServiceDef

RANGER-2772

Adding the functionality of merging the policy

RANGER-2811

Ranger should keep trying to create collection in solr until its successfully created

RANGER-2854

Make audit bootstrap property configurable

RANGER-2903

Remove elasticsearch audit's is_enabled property from config

チェック強化（注3）

RANGER-2623

Add Validations to RoleREST apis

RANGER-2808

Service Name must not allow spaces in newly created services

RANGER-2947

[Ranger][Policy Import] Usage of serviceType config while importing ranger policy for any service

公開しているファイルの内容／形式（注4）

RANGER-2631

Ranger Audit logs for SHOW commands related to ROLE operations in Hive

RANGER-2890

Add missing log4j properties for audit log

メッセージ内容の変更（注5）

RANGER-2512

RangerRolesRESTClient for serving user group roles to the plugins for evaluation

RANGER-2535

Good coding practices for storing and retrieving data history in ranger

RANGER-2638

Ranger admin Logging improvement

RANGER-2644

Improvement in Ranger encryption algorithm usage.

RANGER-2659

Zone-based policies are not listed for USER_ROLE with delegate admin privilege

RANGER-2660

Option to create missing users/groups/roles while creating/updating/importing policies

RANGER-2665

Policy engine for delegate-admin processing is not built correctly when policy-deltas are enabled and a zone policy is updated

RANGER-2675

Add Logs if keystore is not initialised during Ranger start

RANGER-2722

policies/hive/for-resource api call is returning deleted policies

RANGER-2756

A spelling mistake in RangerHiveAuthorizer

RANGER-2773

Enhanced logging messages for RangerScriptConditionEvaluator class

RANGER-2781

default policy creation fails for policy-items with no users

RANGER-2790

Import start and import end are not in sequence

RANGER-2793

Admin log clogged with a warning

RANGER-2797

changing error to debug as it does not make impact on transactions

RANGER-2805

Create role with non-existing group/user failing due to concurrent threads

RANGER-2806

RangerScriptConditionEvaluator does not initialize correctly with openJDK 11

RANGER-2807

Change audit format for access logs

RANGER-2839

Assorted improvements for debugging and handling of thread terminations, clean-up of unused data, etc.

RANGER-2840

Create policy with non existing group is failing due to to multiple threads creating same group

RANGER-2855

import policy for ranger is not working properly if updateifexist parameter is passed

RANGER-2856

A policy should be deleted if it has no policyItems

RANGER-2858

'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies

RANGER-2869

Ranger audit module to provide an option to generate a GUID for each audit log

RANGER-2921

Regression: When all resource and tag(if applicable) policies are deleted then plugin continues to use old set of policies

メッセージの追加・削除（注6）

RANGER-2552

Adding a user to a group is resetting the role/permissions of the user

RANGER-2565

Remove duplicate error messages when test connection fails

RANGER-2617

Provide descriptive error message when role delete not allowed

RANGER-2620

Create empty Role cache file when no roles are present in ranger yet.

RANGER-2630

Ensure that entity deletes are handled even when Atlas sets deleted entity's state as not ACTIVE

RANGER-2637

RangerTags loading issue when Ranger admin service is not available.

RANGER-2646

Refactor: replace references to static configuration instance

RANGER-2652

Refactor policy engine

RANGER-2654

refactor RangerBasePlugins to remove static servicePluginsMap

RANGER-2671

Running the setup.sh in usersync a second time will change the permissions and owner of hadoop core-site.xml

RANGER-2904

Add appopriate warning messages when updates to in-memory policy cache encounter unexpected conditions

RANGER-2922

Query info not included for solr query audits in Ranger

RANGER-2931

Fix PMD Error of RANGER-2922

使用リソースの増加

ハードディスク使用量の増加

RANGER-2529

Create index on obj_id and obj_class_type column of x_data_hist table

RANGER-2550

Increase sort_order field length of all the tables

RANGER-2923

Changing data type of sync_source_info column to accommodate more characters

実行結果の変更

誤った実装の修正（注7）

RANGER-2553

Hive RangerServiceDef isValidLeaf attribute values should not be copied to DataMaskDef and RowFilterDef

RANGER-2556

RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information

RANGER-2569

Policy with isDenyAllElse=true denies request to check if any access is allowed

RANGER-2585

Ranger audits for hive role commands show user as "hive" instead of the effective user

RANGER-2618

Restrict rolename change when a policy/another role with that role exist

RANGER-2786

Ranger usersync group modifyTimestamp parsing should be in 24 hours format

RANGER-2823

RangerResouceTrie.copySubTree() does not set up TrieNode's child nodes correctly

RANGER-2876

allow-exception policy-items are not correctly handled when access-type is '_any'