[
https://issues.apache.org/jira/browse/RANGER-3375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj resolved RANGER-3375.
--------------------------------------
Fix Version/s: 2.1.0
Resolution: Not A Bug
Though an user sees list of all services, Ranger restricts the policies
available for them to view/create/update/delete.
# A user having Ranger admin role will have all access in all services,
including policies, service-configuration.
# A user having service admin role (granted via service configuration
{{service.admin.users}} or {{{}service.admin.groups{}}}) will have all access
to policies in that service.
# A user having delegated-admin privilege in a policy will have access to all
policies for the resources covered by the policy.
A user having none of above privileges will not be able to
view/create/update/delete policies.
> User shouldn't see service names that aren't allowed in the user security zone
> ------------------------------------------------------------------------------
>
> Key: RANGER-3375
> URL: https://issues.apache.org/jira/browse/RANGER-3375
> Project: Ranger
> Issue Type: New Feature
> Components: admin
> Affects Versions: 2.1.0
> Reporter: Egor Ryashin
> Priority: Major
> Labels: admin
> Fix For: 2.1.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Right now if a user sets no security zone (in Security Zone combobox) in
> Admin UI the user can see all the services even those that the user security
> zone has no policies for.
> In our use case a user shouldn't see all services but only those that the
> user has permission to manage (according to the user assigned security zones).
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
