From b855840f12bfbfbec5a354aaddd69cb99baccee7 Mon Sep 17 00:00:00 2001 From: Hendrik Richert Date: Thu, 12 Sep 2024 14:13:54 +0200 Subject: [PATCH 1/2] add new CREATE_USERS_AND_GROUPS_PRIVILEGE and UPDATE_USERS_AND_GROUPS_PRIVILEGE --- .../authorization/PoliciesConfig.java | 20 ++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java b/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java index a282c6be673d0e..00e3a282f546f7 100644 --- a/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java +++ b/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java @@ -59,6 +59,18 @@ public class PoliciesConfig { "Manage Users & Groups", "Create, remove, and update users and groups on DataHub."); + static final Privilege CREATE_USERS_AND_GROUPS_PRIVILEGE = + Privilege.of( + "CREATE_USERS_AND_GROUPS", + "Create Users & Groups", + "Create users and groups on DataHub."); + + static final Privilege UPDATE_USERS_AND_GROUPS_PRIVILEGE = + Privilege.of( + "UPDATE_USERS_AND_GROUPS", + "Update Users & Groups", + "Update users and groups on DataHub."); + private static final Privilege VIEW_ANALYTICS_PRIVILEGE = Privilege.of("VIEW_ANALYTICS", "View Analytics", "View the DataHub analytics dashboard."); @@ -171,6 +183,8 @@ public class PoliciesConfig { ImmutableList.of( MANAGE_POLICIES_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE, + CREATE_USERS_AND_GROUPS_PRIVILEGE, + UPDATE_USERS_AND_GROUPS_PRIVILEGE, VIEW_ANALYTICS_PRIVILEGE, GET_ANALYTICS_PRIVILEGE, MANAGE_DOMAINS_PRIVILEGE, 
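Review bot: The description given to UPDATE_USERS_AND_GROUPS_PRIVILEGE in the first hunk, `"Update users and groups on DataHub."`, does not say whether updating a group includes changing its membership. If it does (the UPDATE handlers are not part of this patch, so this is an assumption to confirm), a holder could place an account into a group that existing policies grant broader rights to, which would make the privilege close to MANAGE in effect rather than a narrower alternative. State the scope in the text an administrator sees when building a policy, for example `"Update existing users and groups, including group membership, on DataHub."`, or keep membership changes behind MANAGE_USERS_AND_GROUPS_PRIVILEGE. Both new constants are also declared without an access modifier while VIEW_ANALYTICS_PRIVILEGE just below is `private`; whether that matches MANAGE_USERS_AND_GROUPS_PRIVILEGE cannot be seen from the hunk.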
@@ -919,13 +933,13 @@ public class PoliciesConfig { ImmutableMap.>>builder() .put( ApiOperation.CREATE, - Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE)) + Disjunctive.disjoint(CREATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE)) .put( ApiOperation.READ, API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.READ)) .put( ApiOperation.UPDATE, - Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE)) + Disjunctive.disjoint(UPDATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE)) .put( ApiOperation.DELETE, Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE)) @@ -938,7 +952,7 @@ public class PoliciesConfig { ImmutableMap.>>builder() .put( ApiOperation.CREATE, - Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE)) + Disjunctive.disjoint(CREATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE)) .put( ApiOperation.READ, API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.READ)) From 0cea73854b3bacea1bae28a92df58d7b7ca320e6 Mon Sep 17 00:00:00 2001 From: Hendrik Richert Date: Tue, 17 Sep 2024 12:12:36 +0200 Subject: [PATCH 2/2] checkstyle --- .../metadata/authorization/PoliciesConfig.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java b/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java index 00e3a282f546f7..255a45e9d4c623 100644 --- a/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java +++ b/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java 
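Review bot: The DELETE entry in hunk -919,13 stays on `Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE)` next to the widened CREATE and UPDATE entries, with nothing recording that the asymmetry is deliberate. A comment above it such as `// DELETE stays MANAGE-only on purpose: no narrower privilege may remove users or groups.` would keep a later edit from widening it by analogy. The diffstat lists PoliciesConfig.java only, so no test pins the new mapping; a unit test that asserts the accepted privilege set per ApiOperation for both maps would catch an accidental widening or an entry that was missed. Both builder chains start and end outside the hunks, so which ApiGroup each map belongs to is not visible here.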
@@ -933,13 +933,15 @@ public class PoliciesConfig { ImmutableMap.>>builder() .put( ApiOperation.CREATE, - Disjunctive.disjoint(CREATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE)) + Disjunctive.disjoint( + CREATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE)) .put( ApiOperation.READ, API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.READ)) .put( ApiOperation.UPDATE, - Disjunctive.disjoint(UPDATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE)) + Disjunctive.disjoint( + UPDATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE)) .put( ApiOperation.DELETE, Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE)) @@ -952,13 +954,15 @@ public class PoliciesConfig { ImmutableMap.>>builder() .put( ApiOperation.CREATE, - Disjunctive.disjoint(CREATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE)) + Disjunctive.disjoint( + CREATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE)) .put( ApiOperation.READ, API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.READ)) .put( ApiOperation.UPDATE, - Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE)) + Disjunctive.disjoint( + UPDATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE)) .put( ApiOperation.DELETE, Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE))
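Review bot: The last hunk (-952,13) is not a formatting change: its UPDATE entry goes from `Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE)` to also accepting UPDATE_USERS_AND_GROUPS_PRIVILEGE, which widens who is authorized for that operation under the subject "checkstyle". Patch 1/2 changed only CREATE in this map (hunk -938,7), so the line belongs there; failing that, give this commit a subject that names it, for example `checkstyle; accept UPDATE_USERS_AND_GROUPS for UPDATE in the second map`, so that an audit of authorization changes by commit message finds it. The two maps now carry identical CREATE, UPDATE and DELETE entries written out twice, and defining each disjunction once and referencing it from both maps would prevent the divergence that patch 1/2 introduced. The builder chains continue outside the hunks.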