ranger-dev mailing list archives

From Nitin Galave <nitin.gal...@gmail.com>
Subject Re: UI regression for Knox?
Date Thu, 22 Jun 2017 10:33:27 GMT
Hi Colm,

Yes, the default selection of access type does not make sense when we have
four policy conditions in the policy form (i.e.
Allow/AllowExclude/Deny/DenyExclude).

One thing we can do is keep this feature (default selection of access
type) for the masking and row filter policy types, as they contain only one
policy condition (Mask/Row filter condition), and disable it for the access
policy form.

or

We can disable this feature for all policy forms (i.e. access/masking/row
filter).

Thanks,

Nitin Galave.

On Thu, Jun 22, 2017 at 3:54 PM, Mehul Parikh <xsmehul@gmail.com> wrote:

> Hi Colm,
>
> In that case we will have to revert change of :
>
>    1. To remove auto-select of permission if service has single permission
>    for policy.
>
> @Abhay and @Nitin - any other thoughts on this scenario?
>
> On Thu, Jun 22, 2017 at 3:30 PM, Colm O hEigeartaigh <coheigea@apache.org>
> wrote:
>
> > Thanks Mehul!
> >
> > The problem with the change though, is that if you are only specifying one
> > of the four policy conditions, then you have to edit the other three
> > policies to remove "allow", otherwise you get that error. So it actually
> > involves more work than just having to add "allow" for the policy you are
> > creating. Does that make sense?
> >
> > Colm.
> >
> > On Thu, Jun 22, 2017 at 10:53 AM, Mehul Parikh <xsmehul@gmail.com> wrote:
> >
> > > Hi Colm,
> > >
> > > This is one of the latest changes on Ranger UI, done as part of RANGER-1492
> > > <https://github.com/apache/ranger/commit/5e82ed83c4f6f360aefd2818c1485cb7dce2027c>.
> > >
> > >
> > > Main reason behind auto-populating Allow condition for Knox was, it had
> > > only one permission to be managed for policy administrator. If there is
> > > only one permission, it will be useful for end users to have that selected
> > > on create / edit policy.
> > >
> > > Other service types are not having by default selected permission because
> > > there are multiple permissions to be selected from.
> > >
> > > Regarding validation to select user / group: it applies for all services
> > > if any of the permission is selected in policy create / edit screen.
> > >
> > >
> > > On Tue, Jun 20, 2017 at 10:21 PM, Colm O hEigeartaigh <coheigea@apache.org> wrote:
> > >
> > > > Hi all,
> > > >
> > > > With the latest 1.0.0-SNAPSHOT code, when creating a policy for the Knox
> > > > service, the default permissions for all of the allow and deny conditions
> > > > is "Allow".
> > > >
> > > > That means if you are just adding an allow condition you get an error:
> > > >
> > > > "Please select group/user for the selected permission, else group/user will
> > > > not be added."
> > > >
> > > > You have to manually edit all of the other permissions to remove the
> > > > "Allow" part. Only Knox seems to be affected, other components create
> > > > conditions with an empty permission.
> > > >
> > > > Is this a regression? Pretty sure I created Knox policies recently without
> > > > having to edit them in this way.
> > > >
> > > > Colm.
> > > >
> > > >
> > > > --
> > > > Colm O hEigeartaigh
> > > >
> > > > Talend Community Coder
> > > > http://coders.talend.com
> > > >
> > >
> > >
> > >
> > > --
> > >
> > > Thanks and regards,
> > > Mehul Parikh
> > > ----------------------------
> > > M: +91 98191 54446
> > > E: xsmehul@gmail.com
> > >
> >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>
>
>
> --
>
> Thanks and regards,
> Mehul Parikh
> ----------------------------
> M: +91 98191 54446
> E: xsmehul@gmail.com
>



-- 


*Thanks, Nitin Galave.*
