[ https://issues.apache.org/jira/browse/RANGER-3827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dharshana M Krishnamoorthy updated RANGER-3827: ----------------------------------------------- Attachment: Screenshot 2022-07-12 at 12.01.09 AM.png > Ranger should block policy creation with incorrect permission > ------------------------------------------------------------- > > Key: RANGER-3827 > URL: https://issues.apache.org/jira/browse/RANGER-3827 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Dharshana M Krishnamoorthy > Priority: Major > Attachments: Screenshot 2022-07-12 at 12.01.09 AM.png > > > {code:java} > entity_allow_get_on_hive_table_policy_payload > {u'allowExceptions': [], u'end-one-entity': None, u'policyItems': [{u'users': > [u'hrt_16'], u'accesses': [{u'isAllowed': True, u'type': u'entity-read'}, > {u'isAllowed': True, u'type': u'entity-create'}, {u'isAllowed': True, > u'type': u'entity-update'}, {u'isAllowed': True, u'type': u'entity-delete'}, > {u'isAllowed': True, u'type': u'entity-add-classification'}, {u'isAllowed': > True, u'type': u'entity-update-classification'}, {u'isAllowed': True, > u'type': u'entity-remove-classification'}]}], u'policyPriority': 0, > u'service': 'cm_atlas', u'isEnabled': True, u'end-two-entity-classification': > None, u'end-one-entity-type': None, u'type': None, u'resources': {u'entity': > {u'isExcludes': False, u'values': [u'*'], u'isRecursive': False}, > u'entity-type': {u'isExcludes': False, u'values': [u'hive_table'], > u'isRecursive': False}, u'entity-classification': {u'isExcludes': False, > u'values': [u'*'], u'isRecursive': False}}, u'description': u'', > u'isAuditEnabled': True, u'isDenyAllElse': False, u'policyType': u'0', > u'denyPolicyItems': [], u'end-two-entity': None, u'end-two-entity-type': > None, u'none': [], u'end-one-entity-classification': None, u'name': > u'entity_allow_all_hive_table', u'denyExceptions': [], u'policyLabels': []} > {code} > > For an entity type with 'None' , classification related policies can also be > added when creating policy via api, which is ideally incorrect > This should be blocked at policy creation level itself -- This message was sent by Atlassian Jira (v8.20.10#820010)