[jira] [Commented] (RANGER-5628) Support for actions in Ozone Service Definition

Fri, 26 Jun 2026 22:05:07 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-5628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18091987#comment-18091987
 ] 

Ramesh Mani commented on RANGER-5628:
-------------------------------------

[~fmorgan]  Thanks for the contribution. This has been merged to master branch. 
[https://github.com/apache/ranger/commit/dcf5947fe96f71e311e3f8d94f0786496cf8adf4|https://github.com/apache/ranger/commit/dcf5947fe96f71e311e3f8d94f0786496cf8adf4.]

> Support for actions in Ozone Service Definition
> -----------------------------------------------
>
>                 Key: RANGER-5628
>                 URL: https://issues.apache.org/jira/browse/RANGER-5628
>             Project: Ranger
>          Issue Type: Improvement
>          Components: admin, plugins
>    Affects Versions: 3.0.0
>            Reporter: Fabian Morgan
>            Priority: Major
>             Fix For: 3.0.0
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> For upcoming Ozone STS feature, we need the ability to identify what actions 
> are allowed for an STS token (ex GetObject, GetObjectTagging, PutObject, 
> etc), in addition to the less granular existing permission system (read, 
> write, create, etc).  This ticket updates the Ranger policy evaluation to 
> keep the existing permission evaluation for legacy reasons, and add optional 
> action evaluation via policy condition in the UI.  If the resource policy has 
> an action and an action is supplied in the RequestContext, they must match 
> (in addition to the permissions).  If no action is identified in the resource 
> policy, then all actions are allowed and only the permissions are required.
> Also there are several UI updates: 
> - Support actions in UI in only in Policy Conditions section, not on the 
> overall Resource Policy.
> - populate Ozone action choices based on permissions
> - ensure actions wrap around instead of scrolling horizontally indefinitely.  
> - It also fixes latent React hook violations of having useState within a 
> conditional (CommonComponents.jsx) and a loop (Editable.jsx).  
> The UI updates are implemented in a way such that the hdfs service definition 
> can later make use of the filtering actions by permissions behavior.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to