> On Dec. 3, 2022, 7:34 p.m., Madhan Neethiraj wrote: > > security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java > > Lines 228 (patched) > > <https://reviews.apache.org/r/74229/diff/2/?file=2272258#file2272258line230> > > > > if appliedPolicy has isDenyAllElse=true and existingPolicy has > > isDenyAllElse=false, it should be treated as an error - as it can result in > > access to be denied for users who might have access currently. Please > > reveiew.
I don't quite see why. Can you please elaborate? Thanks! - Abhay ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74229/#review224948 ----------------------------------------------------------- On Dec. 3, 2022, 12:28 a.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74229/ > ----------------------------------------------------------- > > (Updated Dec. 3, 2022, 12:28 a.m.) > > > Review request for ranger, madhan, Madhan Neethiraj, Pradeep Agrawal, Ramesh > Mani, and Velmurugan Periasamy. > > > Bugs: RANGER-3995 > https://issues.apache.org/jira/browse/RANGER-3995 > > > Repository: ranger > > > Description > ------- > > Steps to reproduce :- > > 1. Make a POST request to the below mentioned API endpoint, using a policy > json where isDenyAllElse flag is set true > > /service/public/v2/api/policy/apply > 2. Fetch the policy using the newly created policy id, and try to make a POST > request to "/policy/apply" using the policy json obtained from the GET > request. The request results in an error > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java > b56fd3966 > > > Diff: https://reviews.apache.org/r/74229/diff/2/ > > > Testing > ------- > > Tested per the steps listed above. No error was reported and the policy was > applied correctly > > > Thanks, > > Abhay Kulkarni > >
