[
https://issues.apache.org/jira/browse/RANGER-4146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brijesh Bhalala updated RANGER-4146:
------------------------------------
Fix Version/s: 3.0.0
> [Ranger UI] [React JS] Tag-based policy UI to not show permissions in
> deny/exception for services that don't support deny/exception
> -----------------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-4146
> URL: https://issues.apache.org/jira/browse/RANGER-4146
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Dhaval Rajpara
> Assignee: Brijesh Bhalala
> Priority: Major
> Labels: ranger-react
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-4146.patch, 0002-RANGER-4146.patch
>
>
> Ranger provides service-def option enableDenyAndExceptionsInPolicies to
> support services where explicit deny and expception are not feasible - for
> example services like Elasticsearch, Kylin, Nifi-Registry, Nifi, Sqoop. For
> such services, policy UI shows only allow policy items in resource-based
> policies. However, tag-based policies are common across all service-types,
> hence deny and exception policy-items are shown in policy UI. This allows
> users to setup tag-based policies to deny access to users/group/roles - even
> though they may not work for above services.
> To eliminate confusion, tag-based policy UI should not show permissions in
> deny and expception policy-items for service-types that don’t support deny
> and exceptions i.e., service-defs having
> options.enableDenyAndExceptionsInPolicies=false.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
