[
https://issues.apache.org/jira/browse/RANGER-5407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rakesh Gupta updated RANGER-5407:
---------------------------------
Description:
In the Atlas service, incorrect permissions are observed in some default
policies, particularly after upgrade.
Below are the policies name where we are seeing this issue
* {{all – entity-type, entity-classification, entity}}
* {{all – entity-type, entity-classification, entity,
entity-business-metadata}}
* {{all – entity-type, entity-classification, entity, entity-label}}
h3. Steps to reproduce
# Upgrade Ranger from *2.1* to {*}master{*}.
# In the Ranger Admin UI, navigate to the *Atlas policy listing* page.
# Open (view) any of the above-mentioned policies.
*Observed behavior:*
On the *policy view* page, *unexpected permissions* are displayed that are
{*}not available during policy create or edit{*}.
This includes:
* The *{{entity-read}} permission* appearing in policies where it is not
expected
* *Classification-related permissions* such as:
*
** {{entity-add-classification}}
*
** {{entity-update-classification}}
*
** {{{}entity-remove-classification{}}}{{{{}}{}}}
Specifically, *classification permissions are visible within the entity-read
policy.*
Attached snapshots for reference.
was:
In the Atlas service, incorrect permissions are observed in some default
policies, particularly after upgrade.
Below are the policies name where we are seeing this issue
* {{all – entity-type, entity-classification, entity}}
* {{all – entity-type, entity-classification, entity,
entity-business-metadata}}
* {{all – entity-type, entity-classification, entity, entity-label}}
h3. Steps to reproduce
# Upgrade Ranger from *2.1* to {*}master{*}.
# In the Ranger Admin UI, navigate to the *Atlas policy listing* page.
# Open (view) any of the above-mentioned policies.
*Observed behavior:*
On the *policy view* page, *unexpected permissions* are displayed that are
{*}not available during policy create or edit{*}.
This includes:
* The {{entity-read}} permission appearing in policies where it is not expected
* *Classification-related permissions* such as:
** {{entity-add-classification}}
** {{entity-update-classification}}
** {{{}entity-remove-classification{}}}{{{}{}}}
Specifically, *classification permissions are visible within the entity-read
policy.*
Attached snapshots for reference.
> In Atlas Service for some of the default policies wrong permissions seen
> ------------------------------------------------------------------------
>
> Key: RANGER-5407
> URL: https://issues.apache.org/jira/browse/RANGER-5407
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Vishal Bhavsar
> Assignee: Rakesh Gupta
> Priority: Major
> Fix For: 3.0.0
>
> Attachments: Ranger-01-06-2026_03_18_PM.png,
> Ranger-11-26-2025_06_06_PM.png, Ranger-11-26-2025_06_07_PM.png
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> In the Atlas service, incorrect permissions are observed in some default
> policies, particularly after upgrade.
> Below are the policies name where we are seeing this issue
> * {{all – entity-type, entity-classification, entity}}
> * {{all – entity-type, entity-classification, entity,
> entity-business-metadata}}
> * {{all – entity-type, entity-classification, entity, entity-label}}
> h3. Steps to reproduce
> # Upgrade Ranger from *2.1* to {*}master{*}.
> # In the Ranger Admin UI, navigate to the *Atlas policy listing* page.
> # Open (view) any of the above-mentioned policies.
> *Observed behavior:*
> On the *policy view* page, *unexpected permissions* are displayed that are
> {*}not available during policy create or edit{*}.
> This includes:
> * The *{{entity-read}} permission* appearing in policies where it is not
> expected
> * *Classification-related permissions* such as:
> *
> ** {{entity-add-classification}}
> *
> ** {{entity-update-classification}}
> *
> ** {{{}entity-remove-classification{}}}{{{{}}{}}}
> Specifically, *classification permissions are visible within the entity-read
> policy.*
> Attached snapshots for reference.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
