[jira] [Commented] (RANGER-1781) RangerUI :Policy create/edit form should display only relevant accesses based on the user-selected resource.

Thu, 21 Dec 2017 00:56:45 -0800 

    [ 
https://issues.apache.org/jira/browse/RANGER-1781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16299726#comment-16299726
 ] 

Nitin Galave commented on RANGER-1781:
--------------------------------------

FYI :

Policy create/edit form should display the only applicable set of access 
permissions based on the policy resource.
let's consider hive service definition resources as follows:

{code:java}
resources : [
{
        name: ""database",
        isValidLeaf : true,
        accessTypeRestriction: ["create"]
},
{
        name: ""url",
        isValidLeaf : true,
        accessTypeRestriction: ["read","write"]
},
{
        name: ""table",
        isValidLeaf : false,
        accessTypeRestriction: ["select"]
},
{
        name: ""column",
        isValidLeaf : true,
        accessTypeRestriction: []
},

]


{code}
If isValidLeaf: true that means a user can end up policy with that resource 
otherwise user needs to specify their child level resource.
for eg: database resource has isValidLeaf: true that means a user can create 
database level policy by specifying only database resource.
[^database-level.jpg]
table resource has isValidLeaf: false that means a user cannot create table 
level policy he needs to enter specify the value for his child level resource 
i.e column
and so on.
[^column-level.png]
_accessTypeRestriction_: lists the set of accesses allowed for this resource. A 
special value of empty set indicates that all access-types are allowed for this 
resource.
for eg: If the user creates the policy with database level resource then access 
permission popup will only show access types that are specified in the 
accessTypeRestriction of database resource if it is empty then it will show all 
permissions.
[^permission-for-database.png]

> RangerUI :Policy create/edit form should display only relevant accesses based 
> on the user-selected resource.
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-1781
>                 URL: https://issues.apache.org/jira/browse/RANGER-1781
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 1.0.0
>            Reporter: Nitin Galave
>            Assignee: Nitin Galave
>             Fix For: 1.0.0
>
>         Attachments: RANGER-1781.patch, column-level.png, database-level.jpg, 
> database-level.png, permission-for-database.png
>
>
> Policy create/edit form should display only applicable set of access 
> permissions based on the policy resource (excludedAccesses property) and not 
> the entire set of permissions defined for the service definition.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to