[ 
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mugdha Varadkar updated RANGER-4399:
------------------------------------
    Description: 
While testing permission module use cases, developer found one case for user 
role. Policy listing page stuck on loading when 'Security Zone' module 
permission of user with user-role is revoked.

By default user with user role has permission to 'Security Zone' module.

Impact here is user with user-role will not be able to access policies from 
policy listing page in Ranger Admin UI with React JS.

However there is a work around which is to give permission to the user with 
user-role in the 'Security Zone' module.

Need to provide a fix to handle this use case where we should not use the 
modules level API and try to implement and use API which is open to access data 
even if user don't have permission on certain modules.

As part of this fix provided below open API for SecurityZoneHeaderInfo based on 
serviceId
{code:java}
service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
{code}
isTagService query param is false by default

use below curl request 
– for non-tag based service, below curl request will works
{code:java}
curl -u {user}:{user_pass} -X GET 
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=false'
curl -u {user}:{user_pass} -X GET 
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId=}'

{code}
– for tag based service need to pass isTagService=ture
{code:java}
curl -u {user}:{user_pass} -X GET 
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=true'
{code}

Apart from above fixes, this jira is also handling one improvement on the 
Dashboard page to reduce server side API call for zone change operation.

  was:
While testing permission module use cases, developer found one case for user 
role. Policy listing page stuck on loading when 'Security Zone' module 
permission of user with user-role is revoked.

By default user with user role has permission to 'Security Zone' module.

Impact here is user with user-role will not be able to access policies from 
policy listing page in Ranger Admin UI with React JS.

However there is a work around which is to give permission to the user with 
user-role in the 'Security Zone' module.

Need to provide a fix to handle this use case where we should not use the 
modules level API and try to implement and use API which is open to access data 
even if user don't have permission on certain modules.

As part of this fix provided below open API for SecurityZoneHeaderInfo based on 
serviceId
{code:java}
service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
{code}
isTagService query param is false by default

use below curl request 
– for non-tag based service, below curl request will works
{code:java}
curl -u {user}:{user_pass} -X GET 
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=false'
curl -u {user}:{user_pass} -X GET 
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId=}'

{code}
– for tag based service need to pass isTagService=ture
{code:java}
curl -u {user}:{user_pass} -X GET 
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=true'
{code}


> Need to fix zone drop-down option in policy listing for user not having 
> 'Security Zone' module permission
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4399
>                 URL: https://issues.apache.org/jira/browse/RANGER-4399
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 3.0.0
>            Reporter: Mugdha Varadkar
>            Assignee: Mugdha Varadkar
>            Priority: Critical
>              Labels: ranger-react
>
> While testing permission module use cases, developer found one case for user 
> role. Policy listing page stuck on loading when 'Security Zone' module 
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from 
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with 
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the 
> modules level API and try to implement and use API which is open to access 
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API for SecurityZoneHeaderInfo based 
> on serviceId
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
> {code}
> isTagService query param is false by default
> use below curl request 
> – for non-tag based service, below curl request will works
> {code:java}
> curl -u {user}:{user_pass} -X GET 
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=false'
> curl -u {user}:{user_pass} -X GET 
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId=}'
> {code}
> – for tag based service need to pass isTagService=ture
> {code:java}
> curl -u {user}:{user_pass} -X GET 
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=true'
> {code}
> Apart from above fixes, this jira is also handling one improvement on the 
> Dashboard page to reduce server side API call for zone change operation.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to