[
https://issues.apache.org/jira/browse/RANGER-4122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Selvamohan Neethiraj updated RANGER-4122:
-----------------------------------------
Fix Version/s: 3.0.0
(was: 2.4.0)
> [RangerAdmin] Reorganize authorization/access check logic
> ---------------------------------------------------------
>
> Key: RANGER-4122
> URL: https://issues.apache.org/jira/browse/RANGER-4122
> Project: Ranger
> Issue Type: Improvement
> Components: admin
> Affects Versions: 2.3.0
> Reporter: KyrieG
> Assignee: KyrieG
> Priority: Major
> Fix For: 3.0.0
>
> Attachments: Pasted image 20230305134707 1.png,
> image-2023-03-05-22-16-17-927.png, image-2023-03-05-22-17-00-698.png,
> image-2023-03-05-22-17-35-210.png
>
>
> # Reorganize authorization logic
> Recently when I was sorting out the authorization logic of ranger admin, I
> saw confusion.
> For example: At ServiceREST I saw the following, similar logic been
> implemented in a distributed fasion.
> !image-2023-03-05-22-16-17-927.png!
> !image-2023-03-05-22-17-00-698.png!!image-2023-03-05-22-17-35-210.png!
> # I think these method should be in the same class for easy maintainance. A
> Better way is to create a new class for authorization logic instead of
> putting everythiong into bizUtil because it's responsible for many thing.
> # To sum up, I want to put these method into A new class named
> "RangerAuthorizationHelper".
> {quote}RangerBizUtil.isUserAllowed
> RangerBizUtil.checkAdminAccess
> RangerBizUtil.isUserRangerAdmin
> RangerBizUtil.isUserServiceAdmin
> RoleREST.userIsSrvAdmOrSrvUser
> svcStore.isServiceAdminUser
> XUserMgr.hasAccessToModule
> RangerBizUtil.hasModuleAccess
> RoleDBStore.ensureRoleAccess
> RangerBizUtil.blockAuditorRoleUser
> ... and many.
> {quote}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
