You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Nitin Galave <ni...@gmail.com> on 2017/10/11 08:17:45 UTC

Review Request 62881: RANGER-1176: Ranger admin does not allow to create / update a policy with only delegate admin permission.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62881/
-----------------------------------------------------------

Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-1176
    https://issues.apache.org/jira/browse/RANGER-1176


Repository: ranger


Description
-------

A policy with empty access list is valid if delegated admin is true.But the Ranger Admin UI doesn't allow user to create / update a policy with only the 'delegate admin' permission for a user / group.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 0b97da9 
  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 73b4cd3 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js df13b7c 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 9a8d82d 
  security-admin/src/main/webapp/templates/helpers/XAHelpers.js 1766880 
  security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html 524b18f 


Diff: https://reviews.apache.org/r/62881/diff/1/


Testing
-------

1.Tested with all components.
2.Tested policy getting created by adding both permission and selecting delegate admin in allow/deny policy item.
3.Tested old and new value in the logs (Audit -> Admin tab) is getting correctly displayed.


Thanks,

Nitin Galave

Re: Review Request 62881: RANGER-1176: Ranger admin does not allow to create / update a policy with only delegate admin permission.

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62881/#review187652
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On Oct. 11, 2017, 8:17 a.m., Nitin Galave wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62881/
> -----------------------------------------------------------
> 
> (Updated Oct. 11, 2017, 8:17 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1176
>     https://issues.apache.org/jira/browse/RANGER-1176
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> A policy with empty access list is valid if delegated admin is true.But the Ranger Admin UI doesn't allow user to create / update a policy with only the 'delegate admin' permission for a user / group.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 0b97da9 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 73b4cd3 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js df13b7c 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 9a8d82d 
>   security-admin/src/main/webapp/templates/helpers/XAHelpers.js 1766880 
>   security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html 524b18f 
> 
> 
> Diff: https://reviews.apache.org/r/62881/diff/1/
> 
> 
> Testing
> -------
> 
> 1.Tested with all components.
> 2.Tested policy getting created by adding both permission and selecting delegate admin in allow/deny policy item.
> 3.Tested old and new value in the logs (Audit -> Admin tab) is getting correctly displayed.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>

Re: Review Request 62881: RANGER-1176: Ranger admin does not allow to create / update a policy with only delegate admin permission.

Posted by Mehul Parikh <me...@freestoneinfotech.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62881/#review187648
-----------------------------------------------------------


Ship it!




Ship It!

- Mehul Parikh


On Oct. 11, 2017, 8:17 a.m., Nitin Galave wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62881/
> -----------------------------------------------------------
> 
> (Updated Oct. 11, 2017, 8:17 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1176
>     https://issues.apache.org/jira/browse/RANGER-1176
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> A policy with empty access list is valid if delegated admin is true.But the Ranger Admin UI doesn't allow user to create / update a policy with only the 'delegate admin' permission for a user / group.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 0b97da9 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 73b4cd3 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js df13b7c 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 9a8d82d 
>   security-admin/src/main/webapp/templates/helpers/XAHelpers.js 1766880 
>   security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html 524b18f 
> 
> 
> Diff: https://reviews.apache.org/r/62881/diff/1/
> 
> 
> Testing
> -------
> 
> 1.Tested with all components.
> 2.Tested policy getting created by adding both permission and selecting delegate admin in allow/deny policy item.
> 3.Tested old and new value in the logs (Audit -> Admin tab) is getting correctly displayed.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>

Re: Review Request 62881: RANGER-1176: Ranger admin does not allow to create / update a policy with only delegate admin permission.

Posted by Endre Zoltan Kovacs via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62881/#review189911
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
Lines 391 (patched)
<https://reviews.apache.org/r/62881/#comment267141>

    please fix: 
    typo: User is trrying => User is trying
    
    remove the 'it' from the sentence:
    'which we are not allowing it to change' => 'which we are not allowing to change'


- Endre Zoltan Kovacs


On Oct. 11, 2017, 8:17 a.m., Nitin Galave wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62881/
> -----------------------------------------------------------
> 
> (Updated Oct. 11, 2017, 8:17 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1176
>     https://issues.apache.org/jira/browse/RANGER-1176
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> A policy with empty access list is valid if delegated admin is true.But the Ranger Admin UI doesn't allow user to create / update a policy with only the 'delegate admin' permission for a user / group.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 0b97da9 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 73b4cd3 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js df13b7c 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 9a8d82d 
>   security-admin/src/main/webapp/templates/helpers/XAHelpers.js 1766880 
>   security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html 524b18f 
> 
> 
> Diff: https://reviews.apache.org/r/62881/diff/1/
> 
> 
> Testing
> -------
> 
> 1.Tested with all components.
> 2.Tested policy getting created by adding both permission and selecting delegate admin in allow/deny policy item.
> 3.Tested old and new value in the logs (Audit -> Admin tab) is getting correctly displayed.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>

Re: Review Request 62881: RANGER-1176: Ranger admin does not allow to create / update a policy with only delegate admin permission.

Posted by Gautam Borad <gb...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62881/#review187647
-----------------------------------------------------------


Ship it!




Ship It!

- Gautam Borad


On Oct. 11, 2017, 8:17 a.m., Nitin Galave wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62881/
> -----------------------------------------------------------
> 
> (Updated Oct. 11, 2017, 8:17 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1176
>     https://issues.apache.org/jira/browse/RANGER-1176
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> A policy with empty access list is valid if delegated admin is true.But the Ranger Admin UI doesn't allow user to create / update a policy with only the 'delegate admin' permission for a user / group.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 0b97da9 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 73b4cd3 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js df13b7c 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 9a8d82d 
>   security-admin/src/main/webapp/templates/helpers/XAHelpers.js 1766880 
>   security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html 524b18f 
> 
> 
> Diff: https://reviews.apache.org/r/62881/diff/1/
> 
> 
> Testing
> -------
> 
> 1.Tested with all components.
> 2.Tested policy getting created by adding both permission and selecting delegate admin in allow/deny policy item.
> 3.Tested old and new value in the logs (Audit -> Admin tab) is getting correctly displayed.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>