-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74359/
-----------------------------------------------------------
Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh,
Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave.
Bugs: RANGER-4146
https://issues.apache.org/jira/browse/RANGER-4146
Repository: ranger
Description
-------
Ranger provides service-def option enableDenyAndExceptionsInPolicies to support
services where explicit deny and expception are not feasible - for example
services like Elasticsearch, Kylin, Nifi-Registry, Nifi, Sqoop. For such
services, policy UI shows only allow policy items in resource-based policies.
However, tag-based policies are common across all service-types, hence deny and
exception policy-items are shown in policy UI. This allows users to setup
tag-based policies to deny access to users/group/roles - even though they may
not work for above services.
To eliminate confusion, tag-based policy UI should not show permissions in deny
and expception policy-items for service-types that don’t support deny and
exceptions i.e., service-defs having
options.enableDenyAndExceptionsInPolicies=false.
Diffs
-----
security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx
5d6ad75a1
security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/TagBasePermissionItem.jsx
863ae5e96
Diff: https://reviews.apache.org/r/74359/diff/1/
Testing
-------
1)Build and Verified Ranger Admin setup with this changes.
2)Verified the Following things:-
- CRUD operation on policy form.
Thanks,
Brijesh Bhalala
