You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Abhishek Shukla (Jira)" <ji...@apache.org> on 2021/07/08 10:45:00 UTC
[jira] [Created] (RANGER-3331) [Atlas classification authorization]
{OWNER} placeholder not supported in atlas classification policies
Abhishek Shukla created RANGER-3331:
---------------------------------------
Summary: [Atlas classification authorization] {OWNER} placeholder not supported in atlas classification policies
Key: RANGER-3331
URL: https://issues.apache.org/jira/browse/RANGER-3331
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: Abhishek Shukla
*Test Policy*:
{noformat}
{
"service": "cm_atlas",
"name": "test_atlas_with_classification_auth_policy_5",
"policyType": 0,
"policyPriority": 0,
"description": "test_atlas_with_classification_auth_policy_5",
"isAuditEnabled": true,
"resources": {
"entity-type": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"entity-classification": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"classification": {
"values": [
"*",
"dummy_tag"
],
"isExcludes": false,
"isRecursive": false
},
"entity": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "entity-add-classification",
"isAllowed": true
},
{
"type": "entity-update-classification",
"isAllowed": true
},
{
"type": "entity-remove-classification",
"isAllowed": true
}
],
"users": [
"{OWNER}",
"hrt_qa"
],
"groups": [],
"roles": [],
"conditions": [],
"delegateAdmin": true
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"serviceType": "atlas",
"options": {},
"validitySchedules": [],
"policyLabels": [],
"zoneName": "",
"isDenyAllElse": false,
"id": 37,
"guid": "3231a2cf-d819-48ec-a3e7-89e960499b85",
"isEnabled": true,
"version": 1
}
{noformat}
Here we have the \{OWNER} placeholder present in the users list and we accept any user who has created the tag should be able to add the tag to the entity.
Not sure if this is supported by the atlas plugin currently, so creating this Jira for more discussion on this issue.
cc [~nixon]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)