RANGER-4805: removed Atlas permissions in tag-based policies
Signed-off-by: Madhan Neethiraj <madhan@apache.org>
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
index ec6bc77..08afeb4 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
@@ -42,6 +42,7 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S
public static final String OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES = "enableDenyAndExceptionsInPolicies";
public static final String OPTION_ENABLE_IMPLICIT_CONDITION_EXPRESSION = "enableImplicitConditionExpression";
+ public static final String OPTION_ENABLE_TAG_BASED_POLICIES = "enableTagBasedPolicies";
private String name;
private String displayName;
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
index 5c06cd6..6863e48 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
@@ -27,6 +27,7 @@
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.plugin.util.ServiceDefUtil;
import org.apache.ranger.services.tag.RangerServiceTag;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -65,7 +66,9 @@ public void updateTagServiceDefForAccessTypes() throws Exception {
}
List<RangerServiceDef> allServiceDefs = getServiceDefs(new SearchFilter());
for (RangerServiceDef serviceDef : allServiceDefs) {
- updateTagServiceDefForUpdatingAccessTypes(serviceDef);
+ if (ServiceDefUtil.getOption_enableTagBasedPolicies(serviceDef, config)) {
+ updateTagServiceDefForUpdatingAccessTypes(serviceDef);
+ }
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceDefDBStore.updateTagServiceDefForAccessTypes()");
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
index 12e833b..ed1ab5b 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
@@ -107,6 +107,17 @@ public static boolean getOption_enableDenyAndExceptionsInPolicies(RangerServiceD
return ret;
}
+ public static boolean getOption_enableTagBasedPolicies(RangerServiceDef serviceDef, Configuration config) {
+ boolean ret = false;
+
+ if(serviceDef != null) {
+ boolean defaultValue = config == null || config.getBoolean("ranger.servicedef.enableTagBasedPolicies", true);
+ ret = ServiceDefUtil.getBooleanValue(serviceDef.getOptions(), RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES, defaultValue);
+ }
+
+ return ret;
+ }
+
public static RangerDataMaskTypeDef getDataMaskType(RangerServiceDef serviceDef, String typeName) {
RangerDataMaskTypeDef ret = null;
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
index c98da31..e9edfd5 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
@@ -21,8 +21,8 @@
"wildCard": "true",
"ignoreCase": "true"
},
- "label": "Type Catagory",
- "description": "Type Catagory"
+ "label": "Type Category",
+ "description": "Type Category"
},
{
"itemId": 2,
@@ -502,6 +502,7 @@
}
],
"options": {
- "enableDenyAndExceptionsInPolicies": "true"
+ "enableDenyAndExceptionsInPolicies": "true",
+ "enableTagBasedPolicies":"false"
}
}
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 81494bd..80af2c8 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -2090,4 +2090,5 @@
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10060',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10061',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10062',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10063',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 3f01a42..8d528e4 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2063,5 +2063,6 @@
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10060',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10061',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10062',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10063',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
commit;
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 27ef48c..6bb9c52 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -2246,6 +2246,7 @@
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10060',current_timestamp,'Ranger 3.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10061',current_timestamp,'Ranger 3.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10062',current_timestamp,'Ranger 3.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10063',current_timestamp,'Ranger 3.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
DROP VIEW IF EXISTS vx_principal;
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 660cc52..a37c9eb 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2434,6 +2434,8 @@
GO
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10062',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10063',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
exit
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 6e445d5..151f680 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -4220,5 +4220,6 @@
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10060',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10061',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10062',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10063',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.java
new file mode 100644
index 0000000..ce18040
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.java
@@ -0,0 +1,236 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.JSONUtil;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXAccessTypeDef;
+import org.apache.ranger.entity.XXPolicy;
+import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.util.CLIUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063 extends BaseLoader {
+ private static final Logger logger = LoggerFactory
+ .getLogger(PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.class);
+
+ @Autowired
+ RangerDaoManager daoMgr;
+
+ @Autowired
+ JSONUtil jsonUtil;
+
+ @Autowired
+ StringUtil stringUtil;
+
+ @Autowired
+ ServiceDBStore svcStore;
+
+ public static void main(String[] args) {
+ logger.info("main()");
+ try {
+ PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063 loader = (PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063) CLIUtil
+ .getBean(PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.class);
+ loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting.");
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void printStats() {
+ logger.info("PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063 data ");
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.execLoad()");
+ try {
+ if (updateAtlasServiceDef()) {
+ disableAtlasAccessForTagPolicies();
+ }
+ } catch (Exception e) {
+ logger.error("Error while updateTagServiceDef()data.", e);
+ System.exit(1);
+ }
+ logger.info("<== PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.execLoad()");
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ private boolean updateAtlasServiceDef() throws Exception {
+ logger.info("==> PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.updateAtlasServiceDef()");
+ RangerServiceDef embeddedAtlasServiceDef;
+ XXServiceDef xXServiceDefObj;
+
+ embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance()
+ .getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
+
+ if (embeddedAtlasServiceDef != null) {
+ xXServiceDefObj = daoMgr.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
+
+ if (xXServiceDefObj != null) {
+ String jsonStrUpdate = xXServiceDefObj.getDefOptions();
+ Map<String, String> serviceDefOptionsUpdate = jsonStringToMap(jsonStrUpdate);
+ if (serviceDefOptionsUpdate == null) {
+ serviceDefOptionsUpdate = new HashMap<>();
+ }
+ serviceDefOptionsUpdate.put(RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES, "false");
+ xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsUpdate));
+ daoMgr.getXXServiceDef().update(xXServiceDefObj);
+ } else {
+ logger.error("Atlas service-definition does not exist in the Ranger DAO.");
+ return false;
+ }
+ } else {
+ logger.error("The embedded Atlas service-definition does not exist.");
+ return false;
+ }
+ logger.info("<== PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.updateAtlasServiceDef()");
+ return true;
+ }
+
+ private void disableAtlasAccessForTagPolicies() throws Exception {
+ logger.info("==> PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.disableAtlasAccessForTagPolicies()");
+ RangerServiceDef embeddedTagServiceDef = EmbeddedServiceDefsUtil.instance()
+ .getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME);
+ if (embeddedTagServiceDef != null) {
+ List<XXPolicy> xxPolicies = daoMgr.getXXPolicy().findByServiceDefId(embeddedTagServiceDef.getId());
+ if (CollectionUtils.isNotEmpty(xxPolicies)) {
+ for (XXPolicy xxPolicy : xxPolicies) {
+ RangerPolicy rPolicy = svcStore.getPolicy(xxPolicy.getId());
+ if (CollectionUtils.isNotEmpty(rPolicy.getPolicyItems()) || CollectionUtils.isNotEmpty(rPolicy.getAllowExceptions())
+ || CollectionUtils.isNotEmpty(rPolicy.getDenyPolicyItems()) || CollectionUtils.isNotEmpty(rPolicy.getDenyExceptions())) {
+ updateAccessTypeForTagPolicies(rPolicy.getPolicyItems());
+ updateAccessTypeForTagPolicies(rPolicy.getAllowExceptions());
+ updateAccessTypeForTagPolicies(rPolicy.getDenyPolicyItems());
+ updateAccessTypeForTagPolicies(rPolicy.getDenyExceptions());
+ svcStore.updatePolicy(rPolicy);
+ }
+ }
+ }
+ } else {
+ logger.error("The embedded Tag service-definition does not exist.");
+ }
+
+ // delete XXAccessTypeDef records of tagDef where name startWith Atlas
+ List<XXAccessTypeDef> xxAccessTypes = daoMgr.getXXAccessTypeDef().findByServiceDefId(embeddedTagServiceDef.getId());
+ for (XXAccessTypeDef xAccess : xxAccessTypes) {
+ if (xAccess != null && xAccess.getName().startsWith(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME)) {
+ svcStore.deleteXXAccessTypeDef(xAccess);
+ }
+ }
+ logger.info("<== PatchForUpdatingAtlasSvcDefAndTagPolicies_J10063.disableAtlasAccessForTagPolicies()");
+ }
+
+ private void updateAccessTypeForTagPolicies(List<RangerPolicyItem> policyItems) throws Exception {
+ logger.info("==> PatchForDisableAccessTypeForTagPolicies_J10063.updateAccessTypeForTagPolicies() "+policyItems);
+ if (CollectionUtils.isEmpty(policyItems)) {
+ logger.info("==> PatchForDisableAccessTypeForTagPolicies_J10063.updateAccessTypeForTagPolicies() policy items collection was null/empty");
+ } else {
+ List<RangerPolicy.RangerPolicyItem> removePolicyItem = new ArrayList<RangerPolicy.RangerPolicyItem>();
+ for (RangerPolicyItem policyItem : policyItems) {
+ if (policyItem != null && policyItem.getAccesses() != null) {
+ List<RangerPolicy.RangerPolicyItemAccess> accessesToRemove = new ArrayList<RangerPolicy.RangerPolicyItemAccess>();
+ for (RangerPolicyItemAccess access : policyItem.getAccesses()) {
+ if (access != null) {
+ String[] svcDefAccType = access.getType().split(":");
+ String serviceDefName = svcDefAccType.length > 0 ? svcDefAccType[0] : null;
+ if (serviceDefName != null && serviceDefName.equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME)) {
+ accessesToRemove.add(access);
+ }
+ }
+ }
+ policyItem.getAccesses().removeAll(accessesToRemove);
+ }
+ if(policyItem != null && CollectionUtils.isEmpty(policyItem.getAccesses())) {
+ removePolicyItem.add(policyItem);
+ }
+ }
+ policyItems.removeAll(removePolicyItem);
+ }
+ logger.info("<== PatchForDisableAccessTypeForTagPolicies_J10063.updateAccessTypeForTagPolicies() "+policyItems);
+ }
+
+ private String mapToJsonString(Map<String, String> map) {
+ String ret = null;
+ if (map != null) {
+ try {
+ ret = jsonUtil.readMapToString(map);
+ } catch (Exception ex) {
+ logger.warn("mapToJsonString() failed to convert map: " + map, ex);
+ }
+ }
+ return ret;
+ }
+
+ private Map<String, String> jsonStringToMap(String jsonStr) {
+ Map<String, String> ret = null;
+ if (!StringUtils.isEmpty(jsonStr)) {
+ try {
+ ret = jsonUtil.jsonToMap(jsonStr);
+ } catch (Exception ex) {
+ // fallback to earlier format: "name1=value1;name2=value2"
+ for (String optionString : jsonStr.split(";")) {
+ if (StringUtils.isEmpty(optionString)) {
+ continue;
+ }
+ String[] nvArr = optionString.split("=");
+ String name = (nvArr.length > 0) ? nvArr[0].trim() : null;
+ String value = (nvArr.length > 1) ? nvArr[1].trim() : null;
+ if (StringUtils.isEmpty(name)) {
+ continue;
+ }
+ if (ret == null) {
+ ret = new HashMap<>();
+ }
+ ret.put(name, value);
+ }
+ }
+ }
+ return ret;
+ }
+
+}
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
index 7d363c4..3fb3dea 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
@@ -72,6 +72,15 @@ protected RangerServiceDef mapEntityToViewBean(RangerServiceDef vObj, XXServiceD
ret.setOptions(serviceDefOptions);
}
+ if (serviceDefOptions.get(RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES) == null) {
+ boolean enableTagBasedPoliciesHiddenOption = config.getBoolean("ranger.servicedef.enableTagBasedPolicies", true);
+ if (enableTagBasedPoliciesHiddenOption) {
+ serviceDefOptions.put(RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES, "true");
+ } else {
+ serviceDefOptions.put(RangerServiceDef.OPTION_ENABLE_TAG_BASED_POLICIES, "false");
+ }
+ ret.setOptions(serviceDefOptions);
+ }
return ret;
}
