You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Dhaval Rajpara <dh...@gmail.com> on 2023/04/03 07:00:58 UTC

Re: Review Request 74359: RANGER-4146: Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74359/#review225335
-----------------------------------------------------------


Ship it!




Ship It!

- Dhaval Rajpara


On March 31, 2023, 1:18 p.m., Brijesh Bhalala wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74359/
> -----------------------------------------------------------
> 
> (Updated March 31, 2023, 1:18 p.m.)
> 
> 
> Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave.
> 
> 
> Bugs: RANGER-4146
>     https://issues.apache.org/jira/browse/RANGER-4146
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Ranger provides service-def option enableDenyAndExceptionsInPolicies to support services where explicit deny and expception are not feasible - for example services like Elasticsearch, Kylin, Nifi-Registry, Nifi, Sqoop. For such services, policy UI shows only allow policy items in resource-based policies. However, tag-based policies are common across all service-types, hence deny and exception policy-items are shown in policy UI. This allows users to setup tag-based policies to deny access to users/group/roles - even though they may not work for above services.
> 
> To eliminate confusion, tag-based policy UI should not show permissions in deny and expception policy-items for service-types that don’t support deny and exceptions i.e., service-defs having options.enableDenyAndExceptionsInPolicies=false.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogDetail.jsx 7f43260ce313193044f068f6854b25bce61d8fb6 
>   security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx 6fa85ad8c93c85686567ac59adbadb131701896b 
>   security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/PolicyViewDetails.jsx abc9942f92da5f5e98a783d9f3f6bfded960fb0b 
>   security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx a1e5731a6367787c502ad2ca22f4567eafa48c16 
>   security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/TagBasePermissionItem.jsx a1b31e366371f72a6f29b783c33d3617136d43ee 
>   security-admin/src/main/webapp/react-webapp/src/views/Reports/SearchPolicyTable.jsx 79ca5c55fa75eab1c5a3381aa0414984ff35a41b 
> 
> 
> Diff: https://reviews.apache.org/r/74359/diff/2/
> 
> 
> Testing
> -------
> 
> 1)Build and Verified Ranger Admin setup with this changes.
> 2)Verified the Following things:-
>  - CRUD operation on policy form.
> 
> 
> Thanks,
> 
> Brijesh Bhalala
> 
>