[jira] [Created] (RANGER-5606) Replace default policies in services by using ranger.plugin.super.users configuration

[Madhan Neethiraj (Jira)]

Madhan Neethiraj created RANGER-5606:
----------------------------------------

             Summary: Replace default policies in services by using 
ranger.plugin.super.users configuration
                 Key: RANGER-5606
                 URL: https://issues.apache.org/jira/browse/RANGER-5606
             Project: Ranger
          Issue Type: Improvement
          Components: admin
            Reporter: Madhan Neethiraj


When a service is created in Ranger, a set of default policies are created - 
one for each resource hierarchy, granting all access to the user specified in 
service config {{{}username{}}}. These policies can be avoided by simply 
setting service config {{ranger.plugin.super.users}} to designate the user as 
superuser. This can eliminate a large number of default policies which end up 
crowding UI.

When default policies are required while creating a service, it can be handled 
with one of the following available options:
 # Ensure service-def options section sets 
{{create.default.policy.per.hierarchy}} to {{true}} 
 # Register a custom implementation RangerBaseService class in service-def, to 
provide override of method {{getDefaultRangerPolicies()}}
 # Using service-configurations having prefix {{{}default-policy.{}}}. For 
example, please refer to 
[create_ranger_services.py|https://github.com/apache/ranger/blob/master/dev-support/ranger-docker/scripts/admin/create-ranger-services.py#L47]
 script used in docker setup.

The ask is to change the default value of configuration 
{{{}create.default.policy.per.hierarchy{}}}, from {{true}} to {{{}false{}}}, in 
[RangerBaseService.createDefaultPolicyPerHierarchy()|https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java#L246].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)