You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Dhaval Rajpara <dh...@gmail.com> on 2023/04/03 07:00:58 UTC
Re: Review Request 74359: RANGER-4146: Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74359/#review225335
-----------------------------------------------------------
Ship it!
Ship It!
- Dhaval Rajpara
On March 31, 2023, 1:18 p.m., Brijesh Bhalala wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74359/
> -----------------------------------------------------------
>
> (Updated March 31, 2023, 1:18 p.m.)
>
>
> Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave.
>
>
> Bugs: RANGER-4146
> https://issues.apache.org/jira/browse/RANGER-4146
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Ranger provides service-def option enableDenyAndExceptionsInPolicies to support services where explicit deny and expception are not feasible - for example services like Elasticsearch, Kylin, Nifi-Registry, Nifi, Sqoop. For such services, policy UI shows only allow policy items in resource-based policies. However, tag-based policies are common across all service-types, hence deny and exception policy-items are shown in policy UI. This allows users to setup tag-based policies to deny access to users/group/roles - even though they may not work for above services.
>
> To eliminate confusion, tag-based policy UI should not show permissions in deny and expception policy-items for service-types that don’t support deny and exceptions i.e., service-defs having options.enableDenyAndExceptionsInPolicies=false.
>
>
> Diffs
> -----
>
> security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogDetail.jsx 7f43260ce313193044f068f6854b25bce61d8fb6
> security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx 6fa85ad8c93c85686567ac59adbadb131701896b
> security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/PolicyViewDetails.jsx abc9942f92da5f5e98a783d9f3f6bfded960fb0b
> security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx a1e5731a6367787c502ad2ca22f4567eafa48c16
> security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/TagBasePermissionItem.jsx a1b31e366371f72a6f29b783c33d3617136d43ee
> security-admin/src/main/webapp/react-webapp/src/views/Reports/SearchPolicyTable.jsx 79ca5c55fa75eab1c5a3381aa0414984ff35a41b
>
>
> Diff: https://reviews.apache.org/r/74359/diff/2/
>
>
> Testing
> -------
>
> 1)Build and Verified Ranger Admin setup with this changes.
> 2)Verified the Following things:-
> - CRUD operation on policy form.
>
>
> Thanks,
>
> Brijesh Bhalala
>
>