[jira] [Commented] (RANGER-5407) In Atlas Service for some of the default policies wrong permissions seen

Tue, 27 Jan 2026 23:45:09 -0800 


    [ 
https://issues.apache.org/jira/browse/RANGER-5407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18054765#comment-18054765
 ] 

Dineshkumar Yadav commented on RANGER-5407:
-------------------------------------------

Hi [~madhan] , could please review updated [PR GitHub Pull Request 
#791|https://github.com/apache/ranger/pull/791] . where we have handled below 
permission.

below permission should be part of default policy (all - entity-type, 
entity-classification, entity, classification) instead of default policy 
({{{}all – entity-type, entity-classification, entity) after upgrade.{}}}

This issue found our testing.

 
 * 
 ** {{entity-add-classification}}

 * 
 ** {{entity-update-classification}}

 * 
 ** {{{}entity-remove-classification{}}}{{{{}}{}}}

 

> In Atlas Service for some of the default policies wrong permissions seen
> ------------------------------------------------------------------------
>
>                 Key: RANGER-5407
>                 URL: https://issues.apache.org/jira/browse/RANGER-5407
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Vishal Bhavsar
>            Assignee: Rakesh Gupta
>            Priority: Major
>             Fix For: 3.0.0, 2.8.0
>
>         Attachments: Ranger-01-06-2026_03_18_PM.png, 
> Ranger-11-26-2025_06_06_PM.png, Ranger-11-26-2025_06_07_PM.png
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> In the Atlas service, incorrect permissions are observed in some default 
> policies, particularly after upgrade.
> Below are the policies name where we are seeing this issue
>  * {{all – entity-type, entity-classification, entity}}
>  * {{all – entity-type, entity-classification, entity, 
> entity-business-metadata}}
>  * {{all – entity-type, entity-classification, entity, entity-label}}
> h3. Steps to reproduce
>  # Upgrade Ranger from *ranger-2.1* to {*}master{*}.
>  # In the Ranger Admin UI, navigate to the *Atlas policy listing* page.
>  # Open (view) any of the above-mentioned policies.
> *Observed behavior:*
> On the *policy view* page, *unexpected permissions* are displayed that are 
> {*}not available during policy create or edit{*}.
> This includes:
>  * The *{{entity-read}} permission* appearing in policies where it is not 
> expected
>  * *Classification-related permissions* such as:
>  * 
>  ** {{entity-add-classification}}
>  * 
>  ** {{entity-update-classification}}
>  * 
>  ** {{{}entity-remove-classification{}}}{{{{}}{}}}
> Specifically, *classification permissions are visible within the entity-read 
> policy.*
> Attached snapshots for reference.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to