[jira] [Commented] (RANGER-4399) Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission

Wed, 04 Oct 2023 07:36:15 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771877#comment-17771877
 ] 

Dineshkumar Yadav commented on RANGER-4399:
-------------------------------------------

apache commit : 
https://github.com/apache/ranger/commit/f400998bdac38b5f9cfd5401345155017e9d05f9

> Need to fix zone drop-down option in policy listing for user not having 
> 'Security Zone' module permission
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4399
>                 URL: https://issues.apache.org/jira/browse/RANGER-4399
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 3.0.0
>            Reporter: Mugdha Varadkar
>            Assignee: Dineshkumar Yadav
>            Priority: Critical
>              Labels: ranger-react
>
> While testing permission module use cases, developer found one case for user 
> role. Policy listing page stuck on loading when 'Security Zone' module 
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from 
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with 
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the 
> modules level API and try to implement and use API which is open to access 
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API for SecurityZoneHeaderInfo based 
> on serviceId
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
> {code}
> isTagService query param is false by default
> use below curl request 
> – for non-tag based service, below curl request will works
> {code:java}
> curl -u {user}:{user_pass} -X GET 
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=false'
> curl -u {user}:{user_pass} -X GET 
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId=}'
> {code}
> – for tag based service need to pass isTagService=ture
> {code:java}
> curl -u {user}:{user_pass} -X GET 
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=true'
> {code}
> Apart from above fixes, this jira is also handling one improvement on the 
> Dashboard page to reduce server side API call for zone change operation.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to