ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abhishek Shukla (Jira)" <j...@apache.org>
Subject [jira] [Created] (RANGER-3331) [Atlas classification authorization] {OWNER} placeholder not supported in atlas classification policies
Date Thu, 08 Jul 2021 10:45:00 GMT
Abhishek Shukla created RANGER-3331:
---------------------------------------

             Summary: [Atlas classification authorization] {OWNER} placeholder not supported
in atlas classification policies
                 Key: RANGER-3331
                 URL: https://issues.apache.org/jira/browse/RANGER-3331
             Project: Ranger
          Issue Type: Bug
          Components: plugins
            Reporter: Abhishek Shukla


*Test Policy*:
{noformat}
    {
      "service": "cm_atlas",
      "name": "test_atlas_with_classification_auth_policy_5",
      "policyType": 0,
      "policyPriority": 0,
      "description": "test_atlas_with_classification_auth_policy_5",
      "isAuditEnabled": true,
      "resources": {
        "entity-type": {
          "values": [
            "*"
          ],
          "isExcludes": false,
          "isRecursive": false
        },
        "entity-classification": {
          "values": [
            "*"
          ],
          "isExcludes": false,
          "isRecursive": false
        },
        "classification": {
          "values": [
            "*",
            "dummy_tag"
          ],
          "isExcludes": false,
          "isRecursive": false
        },
        "entity": {
          "values": [
            "*"
          ],
          "isExcludes": false,
          "isRecursive": false
        }
      },
      "policyItems": [
        {
          "accesses": [
            {
              "type": "entity-add-classification",
              "isAllowed": true
            },
            {
              "type": "entity-update-classification",
              "isAllowed": true
            },
            {
              "type": "entity-remove-classification",
              "isAllowed": true
            }
          ],
          "users": [
            "{OWNER}",
            "hrt_qa"
          ],
          "groups": [],
          "roles": [],
          "conditions": [],
          "delegateAdmin": true
        }
      ],
      "denyPolicyItems": [],
      "allowExceptions": [],
      "denyExceptions": [],
      "dataMaskPolicyItems": [],
      "rowFilterPolicyItems": [],
      "serviceType": "atlas",
      "options": {},
      "validitySchedules": [],
      "policyLabels": [],
      "zoneName": "",
      "isDenyAllElse": false,
      "id": 37,
      "guid": "3231a2cf-d819-48ec-a3e7-89e960499b85",
      "isEnabled": true,
      "version": 1
    }
{noformat}
 

Here we have the \{OWNER} placeholder present in the users list and we accept any user who
has created the tag should be able to add the tag to the entity.

 

Not sure if this is supported by the atlas plugin currently, so creating this Jira for more
discussion on this issue.

 

cc [~nixon]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message