Hi Colm,

In that case we will have to revert change of:

1. To remove auto-select of permission if service has single permission for policy.

@Abhay and @Nitin - any other thoughts on this scenario?

On Thu, Jun 22, 2017 at 3:30 PM, Colm O hEigeartaigh <[email protected]> wrote:

> Thanks Mehul!
>
> The problem with the change though, is that if you are only specifying one
> of the four policy conditions, then you have to edit the other three
> policies to remove "allow", otherwise you get that error. So it actually
> involves more work than just having to add "allow" for the policy you are
> creating. Does that make sense?
>
> Colm.
>
> On Thu, Jun 22, 2017 at 10:53 AM, Mehul Parikh <[email protected]> wrote:
>
> > Hi Colm,
> >
> > This is one of the latest changes on Ranger UI, done as part of RANGER-1492
> > <https://github.com/apache/ranger/commit/5e82ed83c4f6f360aefd2818c1485cb7dce2027c>.
> >
> > Main reason behind auto-populating Allow condition for Knox was, it had
> > only one permission to be managed for policy administrator. If there is
> > only one permission, it will be useful for end users to have that selected
> > on create / edit policy.
> >
> > Other service types are not having by default selected permission because
> > there are multiple permissions to be selected from.
> >
> > Regarding validation to select user / group: it applies for all services
> > if any of the permission is selected in policy create / edit screen.
> >
> > On Tue, Jun 20, 2017 at 10:21 PM, Colm O hEigeartaigh <[email protected]> wrote:
> >
> > > Hi all,
> > >
> > > With the latest 1.0.0-SNAPSHOT code, when creating a policy for the Knox
> > > service, the default permissions for all of the allow and deny conditions
> > > is "Allow".
> > >
> > > That means if you are just adding an allow condition you get an error:
> > >
> > > "Please select group/user for the selected permission, else group/user will
> > > not be added."
> > >
> > > You have to manually edit all of the other permissions to remove the
> > > "Allow" part. Only Knox seems to be affected, other components create
> > > conditions with an empty permission.
> > >
> > > Is this a regression? Pretty sure I created Knox policies recently without
> > > having to edit them in this way.
> > >
> > > Colm.
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> >
> > --
> > Thanks and regards,
> > Mehul Parikh
> > ----------------------------
> > M: +91 98191 54446
> > E: [email protected]
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

--
Thanks and regards,
Mehul Parikh
----------------------------
M: +91 98191 54446
E: [email protected]
