[jira] [Updated] (RANGER-3827) Ranger should block policy creation with incorrect permission

Wed, 13 Jul 2022 04:50:05 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-3827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dharshana M Krishnamoorthy updated RANGER-3827:
-----------------------------------------------
    Attachment: Screenshot 2022-07-12 at 12.01.09 AM.png

> Ranger should block policy creation with incorrect permission
> -------------------------------------------------------------
>
>                 Key: RANGER-3827
>                 URL: https://issues.apache.org/jira/browse/RANGER-3827
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Dharshana M Krishnamoorthy
>            Priority: Major
>         Attachments: Screenshot 2022-07-12 at 12.01.09 AM.png
>
>
> {code:java}
> entity_allow_get_on_hive_table_policy_payload
> {u'allowExceptions': [], u'end-one-entity': None, u'policyItems': [{u'users': 
> [u'hrt_16'], u'accesses': [{u'isAllowed': True, u'type': u'entity-read'}, 
> {u'isAllowed': True, u'type': u'entity-create'}, {u'isAllowed': True, 
> u'type': u'entity-update'}, {u'isAllowed': True, u'type': u'entity-delete'}, 
> {u'isAllowed': True, u'type': u'entity-add-classification'}, {u'isAllowed': 
> True, u'type': u'entity-update-classification'}, {u'isAllowed': True, 
> u'type': u'entity-remove-classification'}]}], u'policyPriority': 0, 
> u'service': 'cm_atlas', u'isEnabled': True, u'end-two-entity-classification': 
> None, u'end-one-entity-type': None, u'type': None, u'resources': {u'entity': 
> {u'isExcludes': False, u'values': [u'*'], u'isRecursive': False}, 
> u'entity-type': {u'isExcludes': False, u'values': [u'hive_table'], 
> u'isRecursive': False}, u'entity-classification': {u'isExcludes': False, 
> u'values': [u'*'], u'isRecursive': False}}, u'description': u'', 
> u'isAuditEnabled': True, u'isDenyAllElse': False, u'policyType': u'0', 
> u'denyPolicyItems': [], u'end-two-entity': None, u'end-two-entity-type': 
> None, u'none': [], u'end-one-entity-classification': None, u'name': 
> u'entity_allow_all_hive_table', u'denyExceptions': [], u'policyLabels': []} 
> {code}
>  
> For an entity type with 'None' , classification related policies can also be 
> added when creating policy via api, which is ideally incorrect
> This should be blocked at policy creation level itself



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to