-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75024/
-----------------------------------------------------------
Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Mehul
Parikh, Pradeep Agrawal, and sanket shelar.
Bugs: RANGER-4805
https://issues.apache.org/jira/browse/RANGER-4805
Repository: ranger
Description
-------
Steps to reproduce:
Created a tag policy for a `test` classification
Added deny permission for user `tuser`
Access entity tagged with `test` classification through `tuser` through Atlas UI
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
18ee3adc3
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
462246a3e
agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java
036de11e2
security-admin/src/main/java/org/apache/ranger/patch/PatchForDisableAccessTypeForTagPolicies_J10062.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
a0ba463e4
security-admin/src/main/resources/conf.dist/ranger-admin-site.xml f3dbb777b
security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyPermissionItem.jsx
896c34cb0
Diff: https://reviews.apache.org/r/75024/diff/1/
Testing
-------
1)Verified that while creating or updating a Tag-based policy, the accessType
for the Atlas service is not allowed.
2)Confirmed that the accessType for the Atlas service is removed from the
default Tag-based policy.
3)Tested upgrade scenarios for all existing Tag-based policies to ensure that
the accessType for the Atlas service is removed.
Configurations:
disable.accesstype.for.tag.policy : Config to enable and disable policy
permission for Tag-based policies.
servicedef.accesstype.disable.for.tag.policy: Config to disable accessType for
the service definition in Tag-based policies.
Thanks,
Rakesh Gupta
