Hi Colm, This is one of the latest changes on Ranger UI, done as part of RANGER-1492 <https://github.com/apache/ranger/commit/5e82ed83c4f6f360aefd2818c1485cb7dce2027c>.
Main reason behind auto-populating Allow condition for Knox was, it had only one permission to be managed for policy administrator. If there is only one permission, it will be useful for end users to have that selected on create / edit policy. Other service types are not having by default selected permission because there are multiple permissions to be selected from. Regarding validation to select user / group: it applies for all services if any of the permission is selected in policy create / edit screen. On Tue, Jun 20, 2017 at 10:21 PM, Colm O hEigeartaigh <[email protected]> wrote: > Hi all, > > With the latest 1.0.0-SNAPSHOT code, when creating a policy for the Knox > service, the default permissions for all of the allow and deny conditions > is "Allow". > > That means if you are just adding an allow condition you get an error: > > "Please select group/user for the selected permission, else group/user will > not be added." > > You have to manually edit all of the other permissions to remove the > "Allow" part. Only Knox seems to be affected, other components create > conditions with an empty permission. > > Is this a regression? Pretty sure I created Knox policies recently without > having to edit them in this way. > > Colm. > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Thanks and regards, Mehul Parikh ---------------------------- M: +91 98191 54446 E: [email protected]
