Dharshana M Krishnamoorthy created RANGER-3827: --------------------------------------------------
Summary: Ranger should block policy creation with incorrect permission Key: RANGER-3827 URL: https://issues.apache.org/jira/browse/RANGER-3827 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Dharshana M Krishnamoorthy {code:java} entity_allow_get_on_hive_table_policy_payload {u'allowExceptions': [], u'end-one-entity': None, u'policyItems': [{u'users': [u'hrt_16'], u'accesses': [{u'isAllowed': True, u'type': u'entity-read'}, {u'isAllowed': True, u'type': u'entity-create'}, {u'isAllowed': True, u'type': u'entity-update'}, {u'isAllowed': True, u'type': u'entity-delete'}, {u'isAllowed': True, u'type': u'entity-add-classification'}, {u'isAllowed': True, u'type': u'entity-update-classification'}, {u'isAllowed': True, u'type': u'entity-remove-classification'}]}], u'policyPriority': 0, u'service': 'cm_atlas', u'isEnabled': True, u'end-two-entity-classification': None, u'end-one-entity-type': None, u'type': None, u'resources': {u'entity': {u'isExcludes': False, u'values': [u'*'], u'isRecursive': False}, u'entity-type': {u'isExcludes': False, u'values': [u'hive_table'], u'isRecursive': False}, u'entity-classification': {u'isExcludes': False, u'values': [u'*'], u'isRecursive': False}}, u'description': u'', u'isAuditEnabled': True, u'isDenyAllElse': False, u'policyType': u'0', u'denyPolicyItems': [], u'end-two-entity': None, u'end-two-entity-type': None, u'none': [], u'end-one-entity-classification': None, u'name': u'entity_allow_all_hive_table', u'denyExceptions': [], u'policyLabels': []} {code} !image-2022-07-13-17-18-15-207.png|width=1415,height=691! For an entity type with 'None' , classification related policies can also be added when creating policy via api, which is ideally incorrect This should be blocked at policy creation level itself -- This message was sent by Atlassian Jira (v8.20.10#820010)