ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jasper Knulst (Jira)" <j...@apache.org>
Subject [jira] [Created] (RANGER-3069) Enable KMS policy editor for all with Keyadmin Role
Date Tue, 03 Nov 2020 15:34:00 GMT
Jasper Knulst created RANGER-3069:

             Summary: Enable KMS policy editor for all with Keyadmin Role 
                 Key: RANGER-3069
                 URL: https://issues.apache.org/jira/browse/RANGER-3069
             Project: Ranger
          Issue Type: Improvement
          Components: admin, kms
    Affects Versions: 1.2.0
            Reporter: Jasper Knulst

I have been assigned the 'keyadmin' role and I do see the extra UI menu option 'Encryption'.
However I don't get to see the extra tile/ranger-service for <cluster>_KMS at Resource
Based policies to be able to edit key related policies. I still have to logon as user/identity
'keyadmin' to see the <cluster>_KMS tile in the Service Manager

This defeats the purpose of having the 'Key Admin' role as it doesn't enable the ones who
have it anything. Currently it is also not auditable who specifically (in the ring of people
that have access to the credentials for the keyadmin idenity credentials) has done what to
key and zones

This message was sent by Atlassian Jira

View raw message