[jira] [Comment Edited] (RANGER-4795) Add validation in API to check emptyness on policyitem while creating policy.

Tue, 28 May 2024 22:15:22 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-4795?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17850024#comment-17850024
 ] 

Vishal Bhavsar edited comment on RANGER-4795 at 5/29/24 5:14 AM:
-----------------------------------------------------------------

We are able to create Mask & Row level policy with empty value i.e "" for 
user/group/role in policy item.

Steps to reproduce:
 # From Postman hit Post api : 
[http://localhost:6080/service/plugins/policies|http://10.140.31.0:6080/service/plugins/policies]
 ; use below json as payload for creating row policy.

{code:java}
{ "allowExceptions": [], "policyItems": [], "denyPolicyItems": [], 
"denyExceptions": [], "dataMaskPolicyItems": [], "rowFilterPolicyItems": [ { 
"accesses": [ { "type": "select", "isAllowed": true } ], "users": [ "" ], 
"groups": [ "" ], "roles": [ "" ], "rowFilterInfo": { "filterExpr": "a=b" } } 
], "description": "", "isAuditEnabled": true, "isDenyAllElse": false, 
"isEnabled": true, "name": "hvr p2", "policyLabels": [], "policyPriority": "0", 
"policyType": "2", "service": "hive1", "resources": { "database": { "values": [ 
"db2" ] }, "table": { "values": [ "tbl1" ] } }, "additionalResources": [], 
"conditions": [] }{code}


was (Author: JIRAUSER298660):
We are able to create Mask & Row level policy with empty value i.e "" for 
user/group/role in policy item.

Steps to reproduce:
 # From Postman hit Post api : 
[http://10.140.31.0:6080/service/plugins/policies] ; use below json as payload 
for creating row policy.

{code:java}
{ "allowExceptions": [], "policyItems": [], "denyPolicyItems": [], 
"denyExceptions": [], "dataMaskPolicyItems": [], "rowFilterPolicyItems": [ { 
"accesses": [ { "type": "select", "isAllowed": true } ], "users": [ "" ], 
"groups": [ "" ], "roles": [ "" ], "rowFilterInfo": { "filterExpr": "a=b" } } 
], "description": "", "isAuditEnabled": true, "isDenyAllElse": false, 
"isEnabled": true, "name": "hvr p2", "policyLabels": [], "policyPriority": "0", 
"policyType": "2", "service": "hive1", "resources": { "database": { "values": [ 
"db2" ] }, "table": { "values": [ "tbl1" ] } }, "additionalResources": [], 
"conditions": [] }{code}

> Add validation in API to check emptyness on policyitem while creating policy.
> -----------------------------------------------------------------------------
>
>                 Key: RANGER-4795
>                 URL: https://issues.apache.org/jira/browse/RANGER-4795
>             Project: Ranger
>          Issue Type: Task
>          Components: Ranger
>            Reporter: Rakesh Gupta
>            Assignee: Rakesh Gupta
>            Priority: Major
>
> There is an inconsistency between Ranger API and UI not doing the same 
> validation for Policy creation. 
> Policy creation API should fail when a policy with all empty values and along 
> with  [""]  or  ["null"] in policyItem --> users, groups and roles.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to