Posted to dev@ranger.apache.org by "Abhishek Shukla (Jira)" <ji...@apache.org> on 2021/07/08 10:45:00 UTC

[jira] [Created] (RANGER-3331) [Atlas classification authorization] {OWNER} placeholder not supported in atlas classification policies

Abhishek Shukla created RANGER-3331:
---------------------------------------

             Summary: [Atlas classification authorization] {OWNER} placeholder not supported in atlas classification policies
                 Key: RANGER-3331
                 URL: https://issues.apache.org/jira/browse/RANGER-3331
             Project: Ranger
          Issue Type: Bug
          Components: plugins
            Reporter: Abhishek Shukla


*Test Policy*:
{noformat}
    {
      "service": "cm_atlas",
      "name": "test_atlas_with_classification_auth_policy_5",
      "policyType": 0,
      "policyPriority": 0,
      "description": "test_atlas_with_classification_auth_policy_5",
      "isAuditEnabled": true,
      "resources": {
        "entity-type": {
          "values": [
            "*"
          ],
          "isExcludes": false,
          "isRecursive": false
        },
        "entity-classification": {
          "values": [
            "*"
          ],
          "isExcludes": false,
          "isRecursive": false
        },
        "classification": {
          "values": [
            "*",
            "dummy_tag"
          ],
          "isExcludes": false,
          "isRecursive": false
        },
        "entity": {
          "values": [
            "*"
          ],
          "isExcludes": false,
          "isRecursive": false
        }
      },
      "policyItems": [
        {
          "accesses": [
            {
              "type": "entity-add-classification",
              "isAllowed": true
            },
            {
              "type": "entity-update-classification",
              "isAllowed": true
            },
            {
              "type": "entity-remove-classification",
              "isAllowed": true
            }
          ],
          "users": [
            "{OWNER}",
            "hrt_qa"
          ],
          "groups": [],
          "roles": [],
          "conditions": [],
          "delegateAdmin": true
        }
      ],
      "denyPolicyItems": [],
      "allowExceptions": [],
      "denyExceptions": [],
      "dataMaskPolicyItems": [],
      "rowFilterPolicyItems": [],
      "serviceType": "atlas",
      "options": {},
      "validitySchedules": [],
      "policyLabels": [],
      "zoneName": "",
      "isDenyAllElse": false,
      "id": 37,
      "guid": "3231a2cf-d819-48ec-a3e7-89e960499b85",
      "isEnabled": true,
      "version": 1
    }
{noformat}
 

Here we have the {OWNER} placeholder present in the users list, and we expect that any user who has created the tag should be able to add the tag to the entity.

 

Not sure if this is supported by the atlas plugin currently, so creating this Jira for more discussion on this issue.

 

cc [~nixon]


