You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Brijesh Bhalala <br...@gmail.com> on 2023/03/23 09:24:19 UTC

Review Request 74359: RANGER-4146: Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74359/
-----------------------------------------------------------

Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave.


Bugs: RANGER-4146
    https://issues.apache.org/jira/browse/RANGER-4146


Repository: ranger


Description
-------

Ranger provides service-def option enableDenyAndExceptionsInPolicies to support services where explicit deny and expception are not feasible - for example services like Elasticsearch, Kylin, Nifi-Registry, Nifi, Sqoop. For such services, policy UI shows only allow policy items in resource-based policies. However, tag-based policies are common across all service-types, hence deny and exception policy-items are shown in policy UI. This allows users to setup tag-based policies to deny access to users/group/roles - even though they may not work for above services.

To eliminate confusion, tag-based policy UI should not show permissions in deny and expception policy-items for service-types that don’t support deny and exceptions i.e., service-defs having options.enableDenyAndExceptionsInPolicies=false.


Diffs
-----

  security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx 5d6ad75a1 
  security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/TagBasePermissionItem.jsx 863ae5e96 


Diff: https://reviews.apache.org/r/74359/diff/1/


Testing
-------

1)Build and Verified Ranger Admin setup with this changes.
2)Verified the Following things:-
 - CRUD operation on policy form.


Thanks,

Brijesh Bhalala

Re: Review Request 74359: RANGER-4146: Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception

Posted by Mugdha Varadkar <mu...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74359/#review225327
-----------------------------------------------------------


Ship it!




Ship It!

- Mugdha Varadkar


On March 31, 2023, 1:18 p.m., Brijesh Bhalala wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74359/
> -----------------------------------------------------------
> 
> (Updated March 31, 2023, 1:18 p.m.)
> 
> 
> Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave.
> 
> 
> Bugs: RANGER-4146
>     https://issues.apache.org/jira/browse/RANGER-4146
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Ranger provides service-def option enableDenyAndExceptionsInPolicies to support services where explicit deny and expception are not feasible - for example services like Elasticsearch, Kylin, Nifi-Registry, Nifi, Sqoop. For such services, policy UI shows only allow policy items in resource-based policies. However, tag-based policies are common across all service-types, hence deny and exception policy-items are shown in policy UI. This allows users to setup tag-based policies to deny access to users/group/roles - even though they may not work for above services.
> 
> To eliminate confusion, tag-based policy UI should not show permissions in deny and expception policy-items for service-types that don’t support deny and exceptions i.e., service-defs having options.enableDenyAndExceptionsInPolicies=false.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogDetail.jsx 7f43260ce313193044f068f6854b25bce61d8fb6 
>   security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx 6fa85ad8c93c85686567ac59adbadb131701896b 
>   security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/PolicyViewDetails.jsx abc9942f92da5f5e98a783d9f3f6bfded960fb0b 
>   security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx a1e5731a6367787c502ad2ca22f4567eafa48c16 
>   security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/TagBasePermissionItem.jsx a1b31e366371f72a6f29b783c33d3617136d43ee 
>   security-admin/src/main/webapp/react-webapp/src/views/Reports/SearchPolicyTable.jsx 79ca5c55fa75eab1c5a3381aa0414984ff35a41b 
> 
> 
> Diff: https://reviews.apache.org/r/74359/diff/2/
> 
> 
> Testing
> -------
> 
> 1)Build and Verified Ranger Admin setup with this changes.
> 2)Verified the Following things:-
>  - CRUD operation on policy form.
> 
> 
> Thanks,
> 
> Brijesh Bhalala
> 
>

Re: Review Request 74359: RANGER-4146: Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception

Posted by Dhaval Rajpara <dh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74359/#review225335
-----------------------------------------------------------


Ship it!




Ship It!

- Dhaval Rajpara


On March 31, 2023, 1:18 p.m., Brijesh Bhalala wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74359/
> -----------------------------------------------------------
> 
> (Updated March 31, 2023, 1:18 p.m.)
> 
> 
> Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave.
> 
> 
> Bugs: RANGER-4146
>     https://issues.apache.org/jira/browse/RANGER-4146
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Ranger provides service-def option enableDenyAndExceptionsInPolicies to support services where explicit deny and expception are not feasible - for example services like Elasticsearch, Kylin, Nifi-Registry, Nifi, Sqoop. For such services, policy UI shows only allow policy items in resource-based policies. However, tag-based policies are common across all service-types, hence deny and exception policy-items are shown in policy UI. This allows users to setup tag-based policies to deny access to users/group/roles - even though they may not work for above services.
> 
> To eliminate confusion, tag-based policy UI should not show permissions in deny and expception policy-items for service-types that don’t support deny and exceptions i.e., service-defs having options.enableDenyAndExceptionsInPolicies=false.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogDetail.jsx 7f43260ce313193044f068f6854b25bce61d8fb6 
>   security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx 6fa85ad8c93c85686567ac59adbadb131701896b 
>   security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/PolicyViewDetails.jsx abc9942f92da5f5e98a783d9f3f6bfded960fb0b 
>   security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx a1e5731a6367787c502ad2ca22f4567eafa48c16 
>   security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/TagBasePermissionItem.jsx a1b31e366371f72a6f29b783c33d3617136d43ee 
>   security-admin/src/main/webapp/react-webapp/src/views/Reports/SearchPolicyTable.jsx 79ca5c55fa75eab1c5a3381aa0414984ff35a41b 
> 
> 
> Diff: https://reviews.apache.org/r/74359/diff/2/
> 
> 
> Testing
> -------
> 
> 1)Build and Verified Ranger Admin setup with this changes.
> 2)Verified the Following things:-
>  - CRUD operation on policy form.
> 
> 
> Thanks,
> 
> Brijesh Bhalala
> 
>

Re: Review Request 74359: RANGER-4146: Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception

Posted by Brijesh Bhalala <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74359/
-----------------------------------------------------------

(Updated March 31, 2023, 1:18 p.m.)


Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave.


Bugs: RANGER-4146
    https://issues.apache.org/jira/browse/RANGER-4146


Repository: ranger


Description
-------

Ranger provides service-def option enableDenyAndExceptionsInPolicies to support services where explicit deny and expception are not feasible - for example services like Elasticsearch, Kylin, Nifi-Registry, Nifi, Sqoop. For such services, policy UI shows only allow policy items in resource-based policies. However, tag-based policies are common across all service-types, hence deny and exception policy-items are shown in policy UI. This allows users to setup tag-based policies to deny access to users/group/roles - even though they may not work for above services.

To eliminate confusion, tag-based policy UI should not show permissions in deny and expception policy-items for service-types that don’t support deny and exceptions i.e., service-defs having options.enableDenyAndExceptionsInPolicies=false.


Diffs (updated)
-----

  security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogDetail.jsx 7f43260ce313193044f068f6854b25bce61d8fb6 
  security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx 6fa85ad8c93c85686567ac59adbadb131701896b 
  security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/PolicyViewDetails.jsx abc9942f92da5f5e98a783d9f3f6bfded960fb0b 
  security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx a1e5731a6367787c502ad2ca22f4567eafa48c16 
  security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/TagBasePermissionItem.jsx a1b31e366371f72a6f29b783c33d3617136d43ee 
  security-admin/src/main/webapp/react-webapp/src/views/Reports/SearchPolicyTable.jsx 79ca5c55fa75eab1c5a3381aa0414984ff35a41b 


Diff: https://reviews.apache.org/r/74359/diff/2/

Changes: https://reviews.apache.org/r/74359/diff/1-2/


Testing
-------

1)Build and Verified Ranger Admin setup with this changes.
2)Verified the Following things:-
 - CRUD operation on policy form.


Thanks,

Brijesh Bhalala