[jira] [Commented] (RANGER-4399) Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission

Wed, 13 Sep 2023 09:34:09 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17764779#comment-17764779
 ] 

Dineshkumar Yadav commented on RANGER-4399:
-------------------------------------------

server side changes : https://reviews.apache.org/r/74601/

> Need to fix zone drop-down option in policy listing for user not having 
> 'Security Zone' module permission
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4399
>                 URL: https://issues.apache.org/jira/browse/RANGER-4399
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 3.0.0
>            Reporter: Mugdha Varadkar
>            Assignee: Mugdha Varadkar
>            Priority: Critical
>              Labels: ranger-react
>
> While testing permission module use cases, developer found one case for user 
> role. Policy listing page stuck on loading when 'Security Zone' module 
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from 
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with 
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the 
> modules level API and try to implement and use API which is open to access 
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API for SecurityZoneHeaderInfo based 
> on serviceId
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false
> {code}
> isTagService query param is false by default
> use below curl request 
> – for non-tag based service, below curl request will works
> {code:java}
> curl -u {user}:{user_pass} -X GET 
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false'
> curl -u {user}:{user_pass} -X GET 
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1'
> {code}
> – for tag based service need to pass isTagService=ture
> {code:java}
> curl -u {user}:{user_pass} -X GET 
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=2&isTagService=true'
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to