Re: Review Request 73165: RANGER-3168: User/Auditor should have read-only access for Servicedef via PublicAPIsv2 API

Wed, 03 Feb 2021 10:55:40 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73165/#review222550
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
Line 127 (original), 127 (patched)
<https://reviews.apache.org/r/73165/#comment311648>

    Is a normal user allowed to see KMS service-def? The code changes seem to 
open up all service-definitions to all users. Please clarify.


- Abhay Kulkarni


On Jan. 29, 2021, 11:31 a.m., Mahesh Bandal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73165/
> -----------------------------------------------------------
> 
> (Updated Jan. 29, 2021, 11:31 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dhaval Shah, Gautam Borad, Kishor 
> Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep 
> Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3168
>     https://issues.apache.org/jira/browse/RANGER-3168
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Following GET API's should be accessible for other users.
> 
> GET API: /service/public/v2/api/servicedef/
> GET API: /service/public/v2/api/servicedef/{id}
> GET API: /service/public/v2/api/servicedef/name/{name}
> 
> If a user has permissions on the "Resource Based Policies" module, then he is 
> be able to view servicedef using Ranger-UI and therefore he should be able to 
> access servicedef using GET API- /service/public/v2/api/servicedef/
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
> 19b93e67c 
> 
> 
> Diff: https://reviews.apache.org/r/73165/diff/1/
> 
> 
> Testing
> -------
> 
> 1. User and Auditor can acess servicedef if they have permissions on the 
> "Resource Based Policies" module.
> 2. KeyAdmin and KMSAuditor users can only access KMS servicedef.
> 
> 
> Thanks,
> 
> Mahesh Bandal
> 
>

Reply via email to