Re: Review Request 74359: RANGER-4146: Tag-based policy UI to not show permissions in deny/exception for services that don't support deny/exception

Fri, 31 Mar 2023 06:19:00 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74359/
-----------------------------------------------------------

(Updated March 31, 2023, 1:18 p.m.)


Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, 
Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave.


Bugs: RANGER-4146
    https://issues.apache.org/jira/browse/RANGER-4146


Repository: ranger


Description
-------

Ranger provides service-def option enableDenyAndExceptionsInPolicies to support 
services where explicit deny and expception are not feasible - for example 
services like Elasticsearch, Kylin, Nifi-Registry, Nifi, Sqoop. For such 
services, policy UI shows only allow policy items in resource-based policies. 
However, tag-based policies are common across all service-types, hence deny and 
exception policy-items are shown in policy UI. This allows users to setup 
tag-based policies to deny access to users/group/roles - even though they may 
not work for above services.

To eliminate confusion, tag-based policy UI should not show permissions in deny 
and expception policy-items for service-types that don’t support deny and 
exceptions i.e., service-defs having 
options.enableDenyAndExceptionsInPolicies=false.


Diffs (updated)
-----

  
security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogDetail.jsx
 7f43260ce313193044f068f6854b25bce61d8fb6 
  
security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx 
6fa85ad8c93c85686567ac59adbadb131701896b 
  
security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/PolicyViewDetails.jsx
 abc9942f92da5f5e98a783d9f3f6bfded960fb0b 
  
security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx
 a1e5731a6367787c502ad2ca22f4567eafa48c16 
  
security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/TagBasePermissionItem.jsx
 a1b31e366371f72a6f29b783c33d3617136d43ee 
  
security-admin/src/main/webapp/react-webapp/src/views/Reports/SearchPolicyTable.jsx
 79ca5c55fa75eab1c5a3381aa0414984ff35a41b 


Diff: https://reviews.apache.org/r/74359/diff/2/

Changes: https://reviews.apache.org/r/74359/diff/1-2/


Testing
-------

1)Build and Verified Ranger Admin setup with this changes.
2)Verified the Following things:-
 - CRUD operation on policy form.


Thanks,

Brijesh Bhalala

Reply via email to