Thanks Nitin. Either of your suggestions are fine with me. Colm.
On Thu, Jun 22, 2017 at 11:33 AM, Nitin Galave <[email protected]> wrote: > Hi Colm, > > Yes, the default selection of access type does not make sense when we have > four policy conditions in the policy from (i.e Allow/AllowExclude/Deny/ > DenyExclude). > > One thing we can do we can keep this future (default selection of access > type) for masking and row filter policy type as it contains only one policy > condition (Mask/Row filter condition) and disable for access policy form. > > or > > We can disable this future for all policy form.(i.e access/making/row > filter ). > > Thanks, > > Nitin Galave. > > On Thu, Jun 22, 2017 at 3:54 PM, Mehul Parikh <[email protected]> wrote: > >> Hi Colm, >> >> In that case we will have to revert change of : >> >> 1. To remove auto-select of permission if service has single permission >> >> for policy. >> >> @Abhay and @Nitin - any other thoughts on this scenario? >> >> On Thu, Jun 22, 2017 at 3:30 PM, Colm O hEigeartaigh <[email protected] >> > >> wrote: >> >> > Thanks Mehul! >> > >> > The problem with the change though, is that if you are only specifying >> one >> > of the four policy conditions, then you have to edit the other three >> > policies to remove "allow", otherwise you get that error. So it actually >> > involves more work that just having to add "allow" for the policy you >> are >> > creating. Does that make sense? >> > >> > Colm. >> > >> > On Thu, Jun 22, 2017 at 10:53 AM, Mehul Parikh <[email protected]> >> wrote: >> > >> > > Hi Colm, >> > > >> > > This is one of the latest changes on Ranger UI, done as part of >> > RANGER-1492 >> > > <https://github.com/apache/ranger/commit/5e82ed83c4f6f360aef >> d2818c1485c >> > > b7dce2027c>. >> > > >> > > >> > > Main reason behind auto-populating Allow condition for Knox was, it >> had >> > > only one permission to be managed for policy administrator. If there >> is >> > > only one permission, it will be useful for end users to have that >> > selected >> > > on create / edit policy. >> > > >> > > Other service types are not having by default selected permission >> because >> > > there are multiple permissions to be selected from. >> > > >> > > Regarding validation to select user / group: it applies for all >> services >> > > if any of the permission is selected in policy create / edit screen. >> > > >> > > >> > > On Tue, Jun 20, 2017 at 10:21 PM, Colm O hEigeartaigh < >> > [email protected] >> > > > >> > > wrote: >> > > >> > > > Hi all, >> > > > >> > > > With the latest 1.0.0-SNAPSHOT code, when creating a policy for the >> > Knox >> > > > service, the default permissions for all of the allow and deny >> > conditions >> > > > is "Allow". >> > > > >> > > > That means if you are just adding an allow condition you get an >> error: >> > > > >> > > > "Please select group/user for the selected permission, else >> group/user >> > > will >> > > > not be added." >> > > > >> > > > You have to manually edit all of the other permissions to remove the >> > > > "Allow" part. Only Knox seems to be affected, other components >> create >> > > > conditions with an empty permission. >> > > > >> > > > Is this a regression? Pretty sure I created Knox policies recently >> > > without >> > > > having to edit them in this way. >> > > > >> > > > Colm. >> > > > >> > > > >> > > > -- >> > > > Colm O hEigeartaigh >> > > > >> > > > Talend Community Coder >> > > > http://coders.talend.com >> > > > >> > > >> > > >> > > >> > > -- >> > > >> > > Thanks and regards, >> > > Mehul Parikh >> > > ---------------------------- >> > > M: +91 98191 54446 <+91%2098191%2054446> >> > > E: [email protected] >> > > >> > >> > >> > >> > -- >> > Colm O hEigeartaigh >> > >> > Talend Community Coder >> > http://coders.talend.com >> > >> >> >> >> -- >> >> Thanks and regards, >> Mehul Parikh >> ---------------------------- >> M: +91 98191 54446 <+91%2098191%2054446> >> E: [email protected] >> > > > > -- > > > *Thanks,Nitin Galave.* > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
