Madhan Neethiraj created RANGER-4083:
----------------------------------------
Summary: Tag-based policy UI to not show permissions in
deny/exception for services that don't support deny/exception
Key: RANGER-4083
URL: https://issues.apache.org/jira/browse/RANGER-4083
Project: Ranger
Issue Type: Improvement
Components: admin
Reporter: Madhan Neethiraj
Ranger provides service-def option enableDenyAndExceptionsInPolicies to support
services where explicit deny and expception are not feasible - for example
services like Elasticsearch, Kylin, Nifi-Registry, Nifi, Sqoop. For such
services, policy UI shows only allow policy items in resource-based policies.
However, tag-based policies are common across all service-types, hence deny and
exception policy-items are shown in policy UI. This allows users to setup
tag-based policies to deny access to users/group/roles - even though they may
not work for policy-sync connectors.
To eliminate confusion, tag-based policy UI should not show permissions in deny
and expception policy-items for service-types that don’t support deny and
exceptions i.e., service-defs having
options.enableDenyAndExceptionsInPolicies=false.
CC: [~nitin.galave], [~Dhaval.Rajpara]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
