Abhishek Shukla created RANGER-3331:
---------------------------------------
Summary: [Atlas classification authorization] {OWNER} placeholder
not supported in atlas classification policies
Key: RANGER-3331
URL: https://issues.apache.org/jira/browse/RANGER-3331
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: Abhishek Shukla
*Test Policy*:
{noformat}
{
"service": "cm_atlas",
"name": "test_atlas_with_classification_auth_policy_5",
"policyType": 0,
"policyPriority": 0,
"description": "test_atlas_with_classification_auth_policy_5",
"isAuditEnabled": true,
"resources": {
"entity-type": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"entity-classification": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"classification": {
"values": [
"*",
"dummy_tag"
],
"isExcludes": false,
"isRecursive": false
},
"entity": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
}
},
"policyItems": [
{
"accesses": [
{
"type": "entity-add-classification",
"isAllowed": true
},
{
"type": "entity-update-classification",
"isAllowed": true
},
{
"type": "entity-remove-classification",
"isAllowed": true
}
],
"users": [
"{OWNER}",
"hrt_qa"
],
"groups": [],
"roles": [],
"conditions": [],
"delegateAdmin": true
}
],
"denyPolicyItems": [],
"allowExceptions": [],
"denyExceptions": [],
"dataMaskPolicyItems": [],
"rowFilterPolicyItems": [],
"serviceType": "atlas",
"options": {},
"validitySchedules": [],
"policyLabels": [],
"zoneName": "",
"isDenyAllElse": false,
"id": 37,
"guid": "3231a2cf-d819-48ec-a3e7-89e960499b85",
"isEnabled": true,
"version": 1
}
{noformat}
Here we have the \{OWNER} placeholder present in the users list and we accept
any user who has created the tag should be able to add the tag to the entity.
Not sure if this is supported by the atlas plugin currently, so creating this
Jira for more discussion on this issue.
cc [~nixon]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
