mneethiraj commented on code in PR #863:
URL: https://github.com/apache/ranger/pull/863#discussion_r2866843999
##########
agents-common/src/main/resources/service-defs/ranger-servicedef-polaris.json:
##########
@@ -6,194 +6,558 @@
"guid": "ca1b484b-e397-4ab4-b6e3-36a154662d7d",
"resources": [
{
- "itemId": 1,
- "name": "root",
- "label": "Root",
- "description": "Root",
- "parent": "",
- "level": 10,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "service-access-manage", "catalog-create",
"catalog-list", "principal-create", "principal-list", "principal-role-create",
"principal-role-list" ]
+ "itemId": 1,
+ "name": "root",
+ "label": "Root",
+ "description": "Root",
+ "parent": "",
+ "level": 10,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "service-access-manage",
+ "catalog-create",
+ "catalog-list",
+ "principal-create",
+ "principal-list",
+ "principal-role-create",
+ "principal-role-list"
+ ]
},
{
- "itemId": 2,
- "name": "catalog",
- "label": "Catalog",
- "description": "Catalog",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "catalog-access-manage", "catalog-drop",
"catalog-properties-read", "catalog-properties-write", "catalog-metadata-full",
"catalog-metadata-manage", "catalog-content-manage", "catalog-grants-list",
"catalog-grants-manage", "catalog-role-create", "catalog-role-list",
"catalog-policy-attach", "catalog-policy-detach" ]
+ "itemId": 2,
+ "name": "catalog",
+ "label": "Catalog",
+ "description": "Catalog",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "catalog-drop",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-metadata-full",
+ "catalog-metadata-manage",
+ "catalog-content-manage",
+ "catalog-access-manage",
+ "catalog-grants-list",
+ "catalog-grants-manage",
+ "catalog-role-create",
+ "catalog-role-list",
+ "catalog-policy-attach",
+ "catalog-policy-detach"
+ ]
},
{
- "itemId": 3,
- "name": "principal",
- "label": "Principal",
- "description": "Principal",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "principal-grants-manage",
"principal-grants-for-grantee-manage", "principal-grants-list",
"principal-role-grants-list", "catalog-role-grants-list", "principal-drop",
"principal-properties-read", "principal-properties-write",
"principal-metadata-full", "principal-credentials-rotate",
"principal-credentials-reset" ]
+ "itemId": 3,
+ "name": "principal",
+ "label": "Principal",
+ "description": "Principal",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "principal-drop",
+ "principal-properties-read",
+ "principal-properties-write",
+ "principal-metadata-full",
+ "principal-grants-list",
+ "principal-grants-manage",
+ "principal-grants-for-grantee-manage",
+ "principal-credentials-rotate",
+ "principal-credentials-reset",
+ "principal-role-grants-list",
+ "catalog-role-grants-list"
+ ]
},
{
- "itemId": 4,
- "name": "principal-role",
- "label": "Principal Role",
- "description": "Principal Role",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "principal-role-usage",
"principal-role-drop", "principal-role-properties-read",
"principal-role-properties-write", "principal-role-metadata-full",
"principal-role-grants-manage", "principal-role-grants-for-grantee-manage" ]
+ "itemId": 4,
+ "name": "principal-role",
+ "label": "Principal Role",
+ "description": "Principal Role",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "principal-role-drop",
+ "principal-role-properties-read",
+ "principal-role-properties-write",
+ "principal-role-metadata-full",
+ "principal-role-grants-manage",
+ "principal-role-grants-for-grantee-manage",
+ "principal-role-usage"
+ ]
},
{
- "itemId": 5,
- "name": "namespace",
- "label": "Namespace",
- "description": "Namespace",
- "parent": "catalog",
- "level": 30,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "namespace-create", "table-create",
"view-create", "namespace-drop", "namespace-list", "table-list", "view-list",
"namespace-properties-read", "namespace-properties-write",
"namespace-metadata-full", "namespace-grants-list", "namespace-grants-manage",
"policy-create", "policy-list", "namespace-policy-attach",
"namespace-policy-detach" ]
+ "itemId": 5,
+ "name": "namespace",
+ "label": "Namespace",
+ "description": "Namespace",
+ "parent": "catalog",
+ "level": 30,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "namespace-create",
+ "namespace-drop",
+ "namespace-list",
+ "namespace-properties-read",
+ "namespace-properties-write",
+ "namespace-metadata-full",
+ "namespace-grants-list",
+ "namespace-grants-manage",
+ "namespace-policy-attach",
+ "namespace-policy-detach",
+ "table-create",
+ "table-list",
+ "view-create",
+ "view-list",
+ "policy-create",
+ "policy-list"
+ ]
},
{
- "itemId": 6,
- "name": "catalog-role",
- "label": "Catalog Role",
- "description": "Catalog Role",
- "parent": "catalog",
- "level": 30,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "catalog-role-usage", "catalog-role-drop",
"catalog-role-properties-read", "catalog-role-properties-write",
"catalog-role-metadata-full", "catalog-role-grants-manage",
"catalog-role-grants-for-grantee-manage" ]
+ "itemId": 6,
+ "name": "catalog-role",
+ "label": "Catalog Role",
+ "description": "Catalog Role",
+ "parent": "catalog",
+ "level": 30,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "catalog-role-drop",
+ "catalog-role-properties-read",
+ "catalog-role-properties-write",
+ "catalog-role-metadata-full",
+ "catalog-role-grants-manage",
+ "catalog-role-grants-for-grantee-manage",
+ "catalog-role-usage"
+ ]
},
{
- "itemId": 7,
- "name": "table",
- "label": "Table",
- "description": "Table",
- "parent": "namespace",
- "level": 40,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "table-drop", "view-drop",
"table-properties-read", "table-properties-write", "view-properties-read",
"view-properties-write", "table-data-read", "table-data-write",
"table-metadata-full", "view-metadata-full", "table-grants-list",
"view-grants-list", "table-grants-manage", "view-grants-manage",
"table-policy-attach", "table-policy-detach" ]
+ "itemId": 7,
+ "name": "table",
+ "label": "Table",
+ "description": "Table",
+ "parent": "namespace",
+ "level": 40,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "table-drop",
+ "table-data-read",
+ "table-data-write",
+ "table-properties-read",
+ "table-properties-write",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-metadata-full",
+ "table-grants-list",
+ "table-grants-manage",
+ "table-policy-attach",
+ "table-policy-detach",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-structure-manage",
+ "view-drop",
+ "view-properties-read",
+ "view-properties-write",
+ "view-metadata-full",
+ "view-grants-list",
+ "view-grants-manage"
+ ]
},
{
- "itemId": 8,
- "name": "policy",
- "label": "Policy",
- "description": "Policy",
- "parent": "namespace",
- "level": 40,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "policy-read", "policy-drop",
"policy-write", "policy-metadata-full", "policy-attach", "policy-detach",
"policy-grants-manage" ]
+ "itemId": 8,
+ "name": "policy",
+ "label": "Policy",
+ "description": "Policy",
+ "parent": "namespace",
+ "level": 40,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "policy-read",
+ "policy-drop",
+ "policy-write",
+ "policy-metadata-full",
+ "policy-attach",
+ "policy-detach",
+ "policy-grants-manage"
+ ]
}
],
"accessTypes": [
- { "itemId": 1, "name": "service-access-manage", "label": "Service Manage
Access", "category": "MANAGE" },
+ { "itemId": 1, "name": "service-access-manage", "label": "Service Manage
Access", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-create",
+ "catalog-drop",
+ "catalog-list",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-metadata-full",
+ "principal-create",
+ "principal-drop",
+ "principal-list",
+ "principal-properties-read",
+ "principal-properties-write",
+ "principal-metadata-full",
+ "principal-grants-list",
+ "principal-grants-manage",
+ "principal-grants-for-grantee-manage",
+ "principal-credentials-reset",
+ "principal-role-create",
+ "principal-role-drop",
+ "principal-role-list",
+ "principal-role-grants-list",
+ "principal-role-grants-manage",
+ "principal-role-properties-read",
+ "principal-role-properties-write",
+ "principal-role-metadata-full",
+ "principal-role-grants-for-grantee-manage"
+ ]
+ },
+ { "itemId": 2, "name": "catalog-create", "label": "Catalog Create",
"category": "CREATE", "impliedGrants": [ "catalog-list" ] },
+ { "itemId": 3, "name": "catalog-drop", "label": "Catalog Drop",
"category": "DELETE" },
+ { "itemId": 4, "name": "catalog-list", "label": "Catalog List",
"category": "READ" },
+ { "itemId": 5, "name": "catalog-access-manage", "label": "Catalog Manage
Access", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-grants-list",
+ "catalog-grants-manage",
+ "catalog-role-create",
+ "catalog-role-drop",
+ "catalog-role-list",
+ "catalog-role-properties-read",
+ "catalog-role-properties-write",
+ "catalog-role-metadata-full",
+ "catalog-role-grants-list",
+ "catalog-role-grants-manage",
+ "catalog-role-grants-for-grantee-manage",
+ "namespace-grants-list",
+ "namespace-grants-manage",
+ "table-grants-list",
+ "table-grants-manage",
+ "view-grants-list",
+ "view-grants-manage",
+ "policy-grants-manage"
+ ]
+ },
+ { "itemId": 6, "name": "catalog-content-manage", "label": "Catalog Manage
Content", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-list",
+ "catalog-metadata-manage",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-policy-attach",
Review Comment:
updated the description for impliedGrants updates.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
