Dharshana M Krishnamoorthy created RANGER-3827:
--------------------------------------------------
Summary: Ranger should block policy creation with incorrect
permission
Key: RANGER-3827
URL: https://issues.apache.org/jira/browse/RANGER-3827
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Dharshana M Krishnamoorthy
{code:java}
entity_allow_get_on_hive_table_policy_payload
{u'allowExceptions': [], u'end-one-entity': None, u'policyItems': [{u'users':
[u'hrt_16'], u'accesses': [{u'isAllowed': True, u'type': u'entity-read'},
{u'isAllowed': True, u'type': u'entity-create'}, {u'isAllowed': True, u'type':
u'entity-update'}, {u'isAllowed': True, u'type': u'entity-delete'},
{u'isAllowed': True, u'type': u'entity-add-classification'}, {u'isAllowed':
True, u'type': u'entity-update-classification'}, {u'isAllowed': True, u'type':
u'entity-remove-classification'}]}], u'policyPriority': 0, u'service':
'cm_atlas', u'isEnabled': True, u'end-two-entity-classification': None,
u'end-one-entity-type': None, u'type': None, u'resources': {u'entity':
{u'isExcludes': False, u'values': [u'*'], u'isRecursive': False},
u'entity-type': {u'isExcludes': False, u'values': [u'hive_table'],
u'isRecursive': False}, u'entity-classification': {u'isExcludes': False,
u'values': [u'*'], u'isRecursive': False}}, u'description': u'',
u'isAuditEnabled': True, u'isDenyAllElse': False, u'policyType': u'0',
u'denyPolicyItems': [], u'end-two-entity': None, u'end-two-entity-type': None,
u'none': [], u'end-one-entity-classification': None, u'name':
u'entity_allow_all_hive_table', u'denyExceptions': [], u'policyLabels': []}
{code}
!image-2022-07-13-17-18-15-207.png|width=1415,height=691!
For an entity type with 'None' , classification related policies can also be
added when creating policy via api, which is ideally incorrect
This should be blocked at policy creation level itself
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
