RANGER-4690: updated Hive plugin to fix incorrect policy version in a…

…ccess audits in case of deny due to masking/row-filter policies Signed-off-by: Madhan Neethiraj <madhan@apache.org>
apache · Feb 8, 2024 · 741f233 · 741f233
1 parent 168613e
commit 741f233
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/...t/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/...t/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -1068,6 +1068,7 @@ public void checkPrivileges(HiveOperationType         hiveOpType,
 
 						result.setIsAllowed(false);
 						result.setPolicyId(rowFilterResult.getPolicyId());
+						result.setPolicyVersion(rowFilterResult.getPolicyVersion());
 						result.setReason("User does not have access to all rows of the table");
 					} else {
 						// check if masking is enabled for any column in the table/view
@@ -1082,6 +1083,7 @@ public void checkPrivileges(HiveOperationType         hiveOpType,
 
 							result.setIsAllowed(false);
 							result.setPolicyId(dataMaskResult.getPolicyId());
+							result.setPolicyVersion(dataMaskResult.getPolicyVersion());
 							result.setReason("User does not have access to unmasked column values");
 						}
 					}