[jira] [Resolved] (RANGER-4083) Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception

Wed, 15 Mar 2023 00:00:06 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-4083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Madhan Neethiraj resolved RANGER-4083.
--------------------------------------
    Fix Version/s: 3.0.0
                   2.4.0
       Resolution: Fixed

 
{noformat}
commit 32f8ce52a1f7ebfa45dce7c50e718250a0adce53 (HEAD -> master, origin/master, 
origin/HEAD)
Author: Dhaval Rajpara <[email protected]>
Date:   Tue Mar 14 18:51:15 2023 +0530

    RANGER-4083: Tag-based policy UI to not show permissions in deny/exception 
for services that don't support deny/exception

    Signed-off-by: Madhan Neethiraj <[email protected]>
{noformat}
 
{noformat}
commit b71f7dda628bb27302d8fa4e4672ad788e16306e (HEAD -> ranger-2.4, 
origin/ranger-2.4)
Author: Dhaval Rajpara <[email protected]>
Date:   Tue Mar 14 18:51:15 2023 +0530

    RANGER-4083: Tag-based policy UI to not show permissions in deny/exception 
for services that don't support deny/exception

    Signed-off-by: Madhan Neethiraj <[email protected]>
    (cherry picked from commit 32f8ce52a1f7ebfa45dce7c50e718250a0adce53)
{noformat}

> Tag-based policy UI to not show permissions in deny/exception for services 
> that don't support deny/exception
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4083
>                 URL: https://issues.apache.org/jira/browse/RANGER-4083
>             Project: Ranger
>          Issue Type: Improvement
>          Components: admin
>            Reporter: Madhan Neethiraj
>            Assignee: Dhaval Rajpara
>            Priority: Major
>             Fix For: 3.0.0, 2.4.0
>
>         Attachments: 0002-RANGER-4083.patch
>
>
> Ranger provides service-def option enableDenyAndExceptionsInPolicies to 
> support services where explicit deny and expception  are not feasible - for 
> example services like Elasticsearch, Kylin, Nifi-Registry, Nifi, Sqoop. For 
> such services, policy UI shows only allow policy items in resource-based 
> policies. However, tag-based policies are common across all service-types, 
> hence deny and exception policy-items are shown in policy UI. This allows 
> users to setup tag-based policies to deny access to users/group/roles - even 
> though they may not work for above services.
> To eliminate confusion, tag-based policy UI should not show permissions in 
> deny and expception policy-items for service-types that don’t support deny 
> and exceptions i.e., service-defs having 
> options.enableDenyAndExceptionsInPolicies=false.
> CC: [~nitin.galave], [~Dhaval.Rajpara] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to