Posted to dev@ranger.apache.org by "Abhishek Shukla (Jira)" <ji...@apache.org> on 2020/06/12 13:48:00 UTC
[jira] [Created] (RANGER-2857) Create volume fails for a policy with specific volume/bucket/key names
Abhishek Shukla created RANGER-2857:
---------------------------------------
Summary: Create volume fails for a policy with specific volume/bucket/key names
Key: RANGER-2857
URL: https://issues.apache.org/jira/browse/RANGER-2857
Project: Ranger
Issue Type: Bug
Components: plugins
Affects Versions: 2.1.0
Reporter: Abhishek Shukla
*Test Policy Contents:*
{noformat}
{
  "resources": {
    "volume": {
      "values": [
        "volume-ojzj-1",
        "volume-ojzj-2"
      ],
      "isExcludes": false,
      "isRecursive": false
    },
    "bucket": {
      "values": [
        "bucket-jezv-1",
        "bucket-jezv-2"
      ],
      "isExcludes": false,
      "isRecursive": false
    },
    "key": {
      "values": [
        "key-wssb_1",
        "key-wssb_2"
      ],
      "isExcludes": false,
      "isRecursive": false
    }
  },
  "policyItems": [
    {
      "accesses": [
        {
          "type": "read",
          "isAllowed": true
        },
        {
          "type": "write",
          "isAllowed": true
        },
        {
          "type": "create",
          "isAllowed": true
        },
        {
          "type": "delete",
          "isAllowed": true
        }
      ],
      "users": [
        "hrt_qa"
      ],
      "groups": [],
      "roles": [],
      "conditions": [],
      "delegateAdmin": false
    }
  ],
  "denyPolicyItems": [],
  "allowExceptions": [],
  "denyExceptions": [],
  "dataMaskPolicyItems": [],
  "rowFilterPolicyItems": [],
  "serviceType": "ozone",
  "options": {},
  "validitySchedules": [],
  "policyLabels": [],
  "zoneName": "",
  "isDenyAllElse": false
}
{noformat}
*Ozone Client Commands:*
{noformat}
$ ozone sh volume create o3://ozone1/volume-ojzj-1
INFO rpc.RpcClient: Creating Volume: volume-ojzj-1, with hrt_qa as owner.
PERMISSION_DENIED User hrt_qa doesn't have CREATE permission to access volume
$ ozone sh volume delete o3://ozone1/volume-ojzj-1
PERMISSION_DENIED User hrt_qa doesn't have DELETE permission to access volume
{noformat}
Now in the same test policy, if I select bucket as *none* or give wildcard [*] for the bucket and key resources, the access is provided to create/delete the volume.
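The behaviour reported above, as an added example that is not part of the original report and is not Ranger's own matcher code: a simplified Python model in which a volume-level request is granted only when every deeper resource in the policy is unset or "*". The helper names (grants_volume_access, make_policy) and the trimmed sample policies are constructed for illustration.

```python
HIERARCHY = ("volume", "bucket", "key")  # resource levels used in the test policy

def _values(policy, level):
    """Return the policy's values for a level, or None when the level is not selected."""
    res = policy.get("resources", {}).get(level)
    return res["values"] if res and res.get("values") else None

def grants_volume_access(policy, user, volume, access_type):
    """Model of the reported outcome (assumption, not Ranger code): a volume-level
    request is granted only if the volume is listed and every deeper level in the
    policy is either absent or the wildcard "*"."""
    vols = _values(policy, "volume")
    if not vols or not (volume in vols or "*" in vols):
        return False
    for level in HIERARCHY[1:]:
        vals = _values(policy, level)
        if vals is not None and "*" not in vals:
            return False  # policy is scoped to named buckets/keys, as in the report
    return any(
        user in item.get("users", [])
        and any(a["type"] == access_type and a.get("isAllowed")
                for a in item.get("accesses", []))
        for item in policy.get("policyItems", [])
    )

def make_policy(bucket_values, key_values):
    """Constructed sample: the report's test policy, trimmed to the fields used here."""
    resources = {"volume": {"values": ["volume-ojzj-1", "volume-ojzj-2"]}}
    if bucket_values is not None:
        resources["bucket"] = {"values": bucket_values}
    if key_values is not None:
        resources["key"] = {"values": key_values}
    accesses = [{"type": t, "isAllowed": True}
                for t in ("read", "write", "create", "delete")]
    return {"resources": resources,
            "policyItems": [{"accesses": accesses, "users": ["hrt_qa"]}]}

REPORTED = make_policy(["bucket-jezv-1", "bucket-jezv-2"], ["key-wssb_1", "key-wssb_2"])
WILDCARD = make_policy(["*"], ["*"])   # wildcard for bucket and key
NO_BUCKET = make_policy(None, None)    # bucket selected as "none"

if __name__ == "__main__":
    for name, pol in (("reported", REPORTED), ("wildcard", WILDCARD), ("none", NO_BUCKET)):
        print(name, grants_volume_access(pol, "hrt_qa", "volume-ojzj-1", "create"))
```

Running the same function over exported policies shows which ones are scoped below the volume and would therefore deny volume create/delete in the way this report describes.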