> On Jan. 5, 2023, 8:23 p.m., Abhay Kulkarni wrote: > > security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java > > Lines 135 (patched) > > <https://reviews.apache.org/r/74270/diff/1/?file=2273400#file2273400line135> > > > > Is this for backward compatibility? Has it been tested?
There is no change needed at the plugin side. The changes to service-def (to add marker access-typedefs) are part of the downloaded policies. I verified that earlier verion plugin recognizes _ALL in the policy. > On Jan. 5, 2023, 8:23 p.m., Abhay Kulkarni wrote: > > security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java > > Lines 154 (patched) > > <https://reviews.apache.org/r/74270/diff/1/?file=2273400#file2273400line154> > > > > This function adds all marker access-types to the "native" access-types > > defined for a service-definition. How does this work for tag policies > > (during authoring as well as rendering) in the GUI as well as when > > evaluating tag policies? > > > > Also, it may be useful to include unit test(s) that verify the feature. - verified that marker-access-types (_ALL) in both resource-based and tag-based policies are intrepretted correctly by the policy engine - added unit tests to validate correct population of marker access-types - Tag-based policy UI renders marker access-types in each component's permission list. In addition, UI should list marker access-types outside of any component permission list. I will file a JIRA to track this UI update. - Madhan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74270/#review225066 ----------------------------------------------------------- On Jan. 6, 2023, 9:46 a.m., Madhan Neethiraj wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74270/ > ----------------------------------------------------------- > > (Updated Jan. 6, 2023, 9:46 a.m.) > > > Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay > Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, > Subhrat Chaudhary, and Velmurugan Periasamy. > > > Bugs: RANGER-4035 > https://issues.apache.org/jira/browse/RANGER-4035 > > > Repository: ranger > > > Description > ------- > > - added category field to AccessTypeDef, which can be set to one of the > following: CREATE/READ/UPDATE/DELETE/MANAGE > - updated to include access-typedef _ALL in each service-def, with all other > access-types as impliedGrants > - updated to include following access-typedefs in each service-def, each > including access-types having corresponding category > -- _CREATE > -- _READ > -- _UPDATE > -- _DELETE > -- _MANAGE > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java > 05dde4edf > > agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java > fe1cf9244 > > agents-common/src/test/java/org/apache/ranger/plugin/util/ServiceDefUtilTest.java > 3cd42f44f > security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java > 6cc3509d8 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 6b9604817 > > security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java > 656bc0184 > > > Diff: https://reviews.apache.org/r/74270/diff/2/ > > > Testing > ------- > > - verified that policy UI renders built-in marker types added in service-def > - _ALL, _CREATE, _READ, _UPDATE, _DELETE, _MANAGE > - verified that plugin enforce built-in marker access-types referenced in > policies > > > Thanks, > > Madhan Neethiraj > >
