ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prad...@apache.org
Subject ranger git commit: RANGER-1948: Support for Read-only Ranger Admin users.
Date Tue, 06 Mar 2018 12:21:03 GMT
Repository: ranger
Updated Branches:
  refs/heads/master 0ae46b746 -> 4d05b1560


RANGER-1948: Support for Read-only Ranger Admin users.

Signed-off-by: pradeep <pradeep@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/4d05b156
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/4d05b156
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/4d05b156

Branch: refs/heads/master
Commit: 4d05b1560b5aab4f0df5d43c6a8f10ed98404da0
Parents: 0ae46b7
Author: ni3galave <nitin.galave@gmail.com>
Authored: Thu Mar 1 18:23:25 2018 +0530
Committer: pradeep <pradeep@apache.org>
Committed: Tue Mar 6 17:50:28 2018 +0530

----------------------------------------------------------------------
 .../webapp/scripts/controllers/Controller.js    |   2 +-
 .../src/main/webapp/scripts/mgrs/SessionMgr.js  |   6 +
 .../scripts/modules/globalize/message/en.js     |  11 +-
 .../src/main/webapp/scripts/utils/XAEnums.js    |  13 +-
 .../src/main/webapp/scripts/utils/XAUtils.js    |  23 +++-
 .../main/webapp/scripts/views/common/TopNav.js  |   8 +-
 .../webapp/scripts/views/kms/KMSTableLayout.js  |   7 ++
 .../views/permissions/ModulePermissionForm.js   |  14 ++-
 .../views/permissions/ModulePermsTableLayout.js |   7 +-
 .../views/policies/RangerPolicyTableLayout.js   |  19 ++-
 .../views/policymanager/ServiceLayout.js        |  27 ++++-
 .../views/reports/OperationDiffDetail.js        |   8 ++
 .../scripts/views/reports/UserAccessLayout.js   |   7 +-
 .../views/service/RangerServiceViewDetail.js    |  84 +++++++++++++
 .../scripts/views/user/UserProfileForm.js       |   8 ++
 .../webapp/scripts/views/users/GroupCreate.js   |   4 +-
 .../webapp/scripts/views/users/UserCreate.js    |   6 +-
 .../main/webapp/scripts/views/users/UserForm.js |  30 +++--
 .../scripts/views/users/UserTableLayout.js      |  26 +++-
 security-admin/src/main/webapp/styles/xa.css    |   5 +-
 .../webapp/templates/common/TopNav_tmpl.html    |   4 +-
 .../main/webapp/templates/helpers/XAHelpers.js  |  14 ++-
 .../templates/kms/KmsTableLayout_tmpl.html      |  17 +--
 .../ModulePermsTableLayout_tmpl.html            |   2 +-
 .../policies/RangerPolicyTableLayout_tmpl.html  |  26 ++--
 .../reports/UserAccessLayout_tmpl.html          |   2 +
 .../service/RangerServiceViewDetail_tmpl.html   | 120 +++++++++++++++++++
 .../templates/users/UserTableLayout_tmpl.html   |   4 +-
 28 files changed, 430 insertions(+), 74 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/controllers/Controller.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js
index 2be915f..92dac6a 100755
--- a/security-admin/src/main/webapp/scripts/controllers/Controller.js
+++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js
@@ -102,7 +102,7 @@ define(function(require) {
 		   var view				= require('views/user/UserProfile');
 		   
 		   App.rContent.show(new view({
-			   model : App.userProfile
+                           model : App.userProfile.clone()
 		   }));
 
 	   },

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/mgrs/SessionMgr.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/mgrs/SessionMgr.js b/security-admin/src/main/webapp/scripts/mgrs/SessionMgr.js
index e7a3856..529a589 100644
--- a/security-admin/src/main/webapp/scripts/mgrs/SessionMgr.js
+++ b/security-admin/src/main/webapp/scripts/mgrs/SessionMgr.js
@@ -134,5 +134,11 @@ define(function(require){
 	SessionMgr.isUser = function(){
 		return this.userInRole('ROLE_USER') ? true : false;
 	};
+    SessionMgr.isAuditor = function(){
+        return this.userInRole('ROLE_ADMIN_AUDITOR') ? true : false;
+    };
+    SessionMgr.isKMSAuditor = function(){
+        return this.userInRole('ROLE_KEY_ADMIN_AUDITOR') ? true : false;
+    };
 	return SessionMgr;
 });	

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index ef75e36..8aaf705 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -241,8 +241,11 @@ define(function(require) {
                 download                        : 'Download',
                 lastUpdate                      : 'Last Update',
 		  		modules		                	: 'Modules',
-                                clusterName                     : 'Cluster Name',
-                                policyLabels					: 'Policy Labels'
+                clusterName                     : 'Cluster Name',
+                policyLabels					: 'Policy Labels',
+                activeStatus                    : 'Active Status',
+                selectTagService                : 'Tag Service'
+
 			},
 			btn : {
 				add							: 'Add',
@@ -350,7 +353,9 @@ define(function(require) {
                 custom                      :'CUSTOM',
                 mask                        :'Mask',
                 rowFilter                   : 'Row Filter',
-                policyLabelsinfo			: 'Label of policy'
+                policyLabelsinfo			: 'Label of policy',
+                serviceDetails              :'Service Details',
+                configProperties            : 'Config Properties'
                         },
 			msg : {
 				deletePolicyValidationMsg : 'Policy does not have any settings for the specific resource. Policy will be deleted. Press [Ok] to continue. Press [Cancel] to edit the policy.',

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/utils/XAEnums.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAEnums.js b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
index 0e0958d..4aa21c1 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAEnums.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAEnums.js
@@ -57,6 +57,8 @@ define(function(require) {
 		ROLE_SYS_ADMIN:{value:0, label:'Admin', rbkey:'xa.enum.AccessResult.ACCESS_RESULT_ALLOWED', tt: 'lbl.AccessResult_ACCESS_RESULT_ALLOWED'},
 		ROLE_USER:{value:1, label:'User', rbkey:'xa.enum.AccessResult.ACCESS_RESULT_DENIED', tt: 'lbl.AccessResult_ACCESS_RESULT_DENIED'},
 		ROLE_KEY_ADMIN:{value:2, label:'KeyAdmin', rbkey:'xa.enum.AccessResult.ACCESS_RESULT_ALLOWED', tt: 'lbl.AccessResult_ACCESS_RESULT_ALLOWED'},
+        ROLE_ADMIN_AUDITOR:{value:3, label:'Auditor', rbkey:'xa.enum.AccessResult.ACCESS_RESULT_ALLOWED', tt: 'lbl.AccessResult_ACCESS_RESULT_ALLOWED'},
+        ROLE_KEY_ADMIN_AUDITOR:{value:4, label:'KMSAuditor', rbkey:'xa.enum.AccessResult.ACCESS_RESULT_ALLOWED', tt: 'lbl.AccessResult_ACCESS_RESULT_ALLOWED'}
 	});
 	
 	XAEnums.UserTypes = mergeParams(XAEnums.UserTypes, {
@@ -365,11 +367,12 @@ define(function(require) {
 	});
 	
 	XAEnums.MenuPermissions =  mergeParams(XAEnums.MenuPermissions, {
-		XA_RESOURCE_BASED_POLICIES:{value:0, label:'Resource Based Policies', rbkey:'xa.enum.MenuPermissions.XA_RESOURCE_BASED_POLICIES', tt: 'lbl.XAPermForType_XA_PERM_FOR_UNKNOWN'},
-		XA_USER_GROUPS:{value:1, label:'Users/Groups', rbkey:'xa.enum.MenuPermissions.XA_USER_GROUP', tt: 'lbl.XAPermForType_XA_PERM_FOR_USER'},
-		XA_REPORTS:{value:2, label:'Reports', rbkey:'xa.enum.MenuPermissions.XA_REPORTS', tt: 'lbl.XAPermForType_XA_PERM_FOR_GROUP'},
-		XA_AUDITS:{value:3, label:'Audit', rbkey:'xa.enum.MenuPermissions.XA_AUDITS', tt: 'lbl.XAPermForType_XA_PERM_FOR_GROUP'},
-		XA_KEY_MANAGER:{value:4, label:'Key Manager', rbkey:'xa.enum.MenuPermissions.XA_KEY_MANAGER', tt: 'lbl.XAPermForType_XA_PERM_FOR_GROUP'}
+                XA_RESOURCE_BASED_POLICIES:{value:1, label:'Resource Based Policies', rbkey:'xa.enum.MenuPermissions.XA_RESOURCE_BASED_POLICIES', tt: 'lbl.XAPermForType_XA_RESOURCE_BASED_POLICIES'},
+                XA_USER_GROUPS:{value:2, label:'Users/Groups', rbkey:'xa.enum.MenuPermissions.XA_USER_GROUP', tt: 'lbl.XAPermForType_XA_USER_GROUPS'},
+                XA_REPORTS:{value:3, label:'Reports', rbkey:'xa.enum.MenuPermissions.XA_REPORTS', tt: 'lbl.XAPermForType_XA_REPORTS'},
+                XA_AUDITS:{value:4, label:'Audit', rbkey:'xa.enum.MenuPermissions.XA_AUDITS', tt: 'lbl.XAPermForType_XA_AUDITS'},
+                XA_KEY_MANAGER:{value:5, label:'Key Manager', rbkey:'xa.enum.MenuPermissions.XA_KEY_MANAGER', tt: 'lbl.XAPermForType_XA_KEY_MANAGER'},
+                XA_TAG_BASED_POLICIES:{value:6, label:'Tag Based Policies', rbkey:'xa.enum.MenuPermissions.XA_TAG_BASED_POLICIES', tt: 'lbl.XAPermForType_XA_TAG_BASED_POLICIES'}
 	});
 
 	return XAEnums;

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 4fe7263..c1e6ef5 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -1148,7 +1148,7 @@ define(function(require) {
 			var denyControllerActions = [], denyModulesObj = [];
 			var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
 			//add by default permission module to admin user
-			if (SessionMgr.isSystemAdmin()){
+                        if (XAUtils.isAuditorOrSystemAdmin(SessionMgr)){
 				userModuleNames.push('Permissions')
 			}
 			var groupModuleNames = _.pluck(vXPortalUser.get('groupPermissions'), 'moduleName'),
@@ -1216,16 +1216,23 @@ define(function(require) {
 		var SessionMgr  = require('mgrs/SessionMgr');
 		var userRoleList = []
 		_.each(XAEnums.UserRoles,function(val, key){
-			if(SessionMgr.isKeyAdmin() && XAEnums.UserRoles.ROLE_SYS_ADMIN.value != val.value){
+            if(SessionMgr.isKeyAdmin() && XAEnums.UserRoles.ROLE_SYS_ADMIN.value != val.value
+                && XAEnums.UserRoles.ROLE_ADMIN_AUDITOR.value != val.value){
 				userRoleList.push(key)
-			}else if(SessionMgr.isSystemAdmin() && XAEnums.UserRoles.ROLE_KEY_ADMIN.value != val.value){
+            }else if(SessionMgr.isSystemAdmin() && XAEnums.UserRoles.ROLE_KEY_ADMIN.value != val.value
+                && XAEnums.UserRoles.ROLE_KEY_ADMIN_AUDITOR.value != val.value){
 				userRoleList.push(key)
 			}else if(SessionMgr.isUser() && XAEnums.UserRoles.ROLE_USER.value == val.value){
 				userRoleList.push(key)
+            }else if(SessionMgr.isAuditor() && XAEnums.UserRoles.ROLE_KEY_ADMIN.value != val.value
+                && XAEnums.UserRoles.ROLE_KEY_ADMIN_AUDITOR.value != val.value){
+                userRoleList.push(key)
+            }else if(SessionMgr.isKMSAuditor() && XAEnums.UserRoles.ROLE_SYS_ADMIN.value != val.value
+                && XAEnums.UserRoles.ROLE_ADMIN_AUDITOR.value != val.value){
+                userRoleList.push(key)
 			}
 		})
-		return {'userRoleList' : userRoleList };
-	};
+		return {'userRoleList' : userRoleList };	};
 	XAUtils.showErrorMsg = function(respMsg){
 		var respArr = respMsg.split(/\([0-9]*\)/);
 		respArr = respArr.filter(function(str){ return str; });
@@ -1376,5 +1383,11 @@ define(function(require) {
         newLabelArr.push('</div>');
         return newLabelArr.length ? newLabelArr.join(' ') : '--';
     };
+    XAUtils.isAuditorOrSystemAdmin = function(SessionMgr){
+        return (SessionMgr.isAuditor() || SessionMgr.isSystemAdmin()) ? true : false ;
+    };
+    XAUtils.isAuditorOrKMSAuditor = function(SessionMgr){
+        return (SessionMgr.isAuditor() || SessionMgr.isKMSAuditor()) ? true : false ;
+    }
 	return XAUtils;
 });
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/common/TopNav.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/common/TopNav.js b/security-admin/src/main/webapp/scripts/views/common/TopNav.js
index aba71ef..0f4a708 100644
--- a/security-admin/src/main/webapp/scripts/views/common/TopNav.js
+++ b/security-admin/src/main/webapp/scripts/views/common/TopNav.js
@@ -23,7 +23,9 @@ define(function(require){
 
 	var Backbone		= require('backbone');
 
-	var TopNav_tmpl = require('hbs!tmpl/common/TopNav_tmpl'); 
+        var TopNav_tmpl = require('hbs!tmpl/common/TopNav_tmpl');
+        var SessionMgr  = require('mgrs/SessionMgr');
+        var XAUtil = require('utils/XAUtils');
 	require('jquery.cookie');
 	var TopNav = Backbone.Marionette.ItemView.extend(
 	/** @lends TopNav */
@@ -32,7 +34,9 @@ define(function(require){
 		
     	template: TopNav_tmpl,
     	templateHelpers : function(){
-    		
+        return{
+                showPermissionTab : XAUtil.isAuditorOrSystemAdmin(SessionMgr)
+		}
     	},
         
     	/** ui selector cache */

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js b/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js
index 2749cea..38c0177 100755
--- a/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/kms/KMSTableLayout.js
@@ -32,6 +32,7 @@ define(function(require){
 	var KmsKey				= require('models/VXKmsKey');
 	var XATableLayout		= require('views/common/XATableLayout');
 	var KmsTablelayoutTmpl 	= require('hbs!tmpl/kms/KmsTableLayout_tmpl');
+        var SessionMgr          = require('mgrs/SessionMgr');
 
 	var KmsTableLayout = Backbone.Marionette.Layout.extend(
 	/** @lends KmsTableLayout */
@@ -40,6 +41,9 @@ define(function(require){
 		
     	template: KmsTablelayoutTmpl,
     	templateHelpers : function(){
+	    return {
+	        isKeyadmin : SessionMgr.isKeyAdmin() ? true :false
+	    }
     	},
     	breadCrumbs :[XALinks.get('KmsManage')],
 		/** Layout sub regions */
@@ -231,6 +235,9 @@ define(function(require){
 				}
 				
 			};
+                        if(!SessionMgr.isKeyAdmin()){
+                            delete cols.operation;
+                        }
 			return this.collection.constructor.getTableCols(cols, this.collection);
 		},
 		

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js
index d9c522c..47c69de 100644
--- a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js
+++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js
@@ -161,15 +161,23 @@ define(function(require) {
 							return { name : term, isVisible : XAEnums.VisibilityStatus.STATUS_VISIBLE.value };
 						},
 						results: function (data, page) {
-							var results = [];
 							var results = [], selectedVals = [];
 							//Get selected values of groups/users dropdown
 							selectedVals = that.getSelectedValues(options);
 							if(data.resultSize != "0"){
 								if(!_.isUndefined(data.vXGroups)){
-                                                                        results = data.vXGroups.map(function(m, i){	return {id : m.id, text: _.escape(m.name) };	});
+                                                                    results = data.vXGroups.map(function(m, i){	return {id : m.id, text: _.escape(m.name) };	});
 								} else if(!_.isUndefined(data.vXUsers)){
-                                                                        results = data.vXUsers.map(function(m, i){	return {id : m.id, text: _.escape(m.name) };	});
+//								     tag base policy tab hide from KeyAdmin and KMSAuditor users
+                                                                    if(that.model.get('module') === XAEnums.MenuPermissions.XA_TAG_BASED_POLICIES.label){
+                                                                        _.map(data.vXUsers ,function(m, i){
+                                                                            if(XAEnums.UserRoles[m.userRoleList[0]].label != 'KeyAdmin' && XAEnums.UserRoles[m.userRoleList[0]].label != 'KMSAuditor'){
+                                                                                results.push({id : m.id, text: _.escape(m.name) });
+                                                                            }
+                                                                        });
+                                                                    }else{
+                                                                        results = data.vXUsers.map(function(m, i){  return {id : m.id, text: _.escape(m.name) };    });
+                                                                    }
                                                                 }
                                                                 if(!_.isEmpty(selectedVals)){
 										results = XAUtil.filterResultByText(results, selectedVals);

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js
index b46d526..9db72a7 100644
--- a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js
@@ -124,7 +124,7 @@ define(function(require){
 					cell : "uri",
 					reName : 'module',
 					href: function(model){
-						return '#!/permissions/'+model.id+'/edit';
+                                            return '#!/permissions/'+model.id+'/edit';
 					},
 					label	: localization.tt("lbl.modules"),
 					editable: false,
@@ -162,6 +162,7 @@ define(function(require){
 					sortable : false
 				},
 			};
+                        if(SessionMgr.isSystemAdmin()){
 			cols['permissions'] = {
 				cell :  "html",
 				label : localization.tt("lbl.action"),
@@ -174,6 +175,10 @@ define(function(require){
 				sortable : false
 
 			};
+                        }
+                        if(SessionMgr.isAuditor()){
+                            cols.module.cell = "string";
+                        }
 			return this.collection.constructor.getTableCols(cols, this.collection);
 		},
 		onShowMore : function(e){

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
index 618207d..b4006ce 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
@@ -55,7 +55,8 @@ define(function(require){
 				rangerServiceDef : this.rangerServiceDefModel,
 				rangerPolicyType : this.collection.queryParams['policyType'],
 				isRenderAccessTab : XAUtil.isRenderMasking(this.rangerServiceDefModel.get('dataMaskDef')) ? true 
-						  : XAUtil.isRenderRowFilter(this.rangerServiceDefModel.get('rowFilterDef')) ? true : false
+                                        : XAUtil.isRenderRowFilter(this.rangerServiceDefModel.get('rowFilterDef')) ? true : false,
+                isNotAuditorAdminOrKmsAuditor : !(XAUtil.isAuditorOrKMSAuditor(SessionMgr))
 			};
 		},
         
@@ -205,7 +206,7 @@ define(function(require){
 				id : {
 					cell : "uri",
 					href: function(model){
-						return '#!/service/'+that.rangerService.id+'/policies/'+model.id+'/edit';
+                                            return '#!/service/'+that.rangerService.id+'/policies/'+model.id+'/edit';
 					},
 					label	: localization.tt("lbl.policyId"),
 					editable: false,
@@ -287,22 +288,28 @@ define(function(require){
 					sortable : false
 				},
 			};
-
 			cols['permissions'] = {
 				cell :  "html",
 				label : localization.tt("lbl.action"),
 				formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
 					fromRaw: function (rawValue,model) {
-						return '<a href="javascript:void(0);" data-name ="viewPolicy" data-id="'+model.id+'" class="btn btn-mini" title="View"><i class="icon-eye-open icon-large" /></a>\
-								<a href="#!/service/'+that.rangerService.id+'/policies/'+model.id+'/edit" class="btn btn-mini" title="Edit"><i class="icon-edit icon-large" /></a>\
-								<a href="javascript:void(0);" data-name ="deletePolicy" data-id="'+model.id+'"  class="btn btn-mini btn-danger" title="Delete"><i class="icon-trash icon-large" /></a>';
+                        if(XAUtil.isAuditorOrKMSAuditor(SessionMgr)){
+                            return '<a href="javascript:void(0);" data-name ="viewPolicy" data-id="'+model.id+'" class="btn btn-mini" title="View"><i class="icon-eye-open icon-large" /></a>';
+                        }else{
+                            return '<a href="javascript:void(0);" data-name ="viewPolicy" data-id="'+model.id+'" class="btn btn-mini" title="View"><i class="icon-eye-open icon-large" /></a>\
+                                    <a href="#!/service/'+that.rangerService.id+'/policies/'+model.id+'/edit" class="btn btn-mini" title="Edit"><i class="icon-edit icon-large" /></a>\
+                                    <a href="javascript:void(0);" data-name ="deletePolicy" data-id="'+model.id+'"  class="btn btn-mini btn-danger" title="Delete"><i class="icon-trash icon-large" /></a>';
 						//You can use rawValue to custom your html, you can change this value using the name parameter.
+                        }
 					}
 				}),
 				editable: false,
 				sortable : false
 
 			};
+                        if(XAUtil.isAuditorOrKMSAuditor(SessionMgr)){
+                            cols.id.cell = 'string';
+                        }
 			return this.collection.constructor.getTableCols(cols, this.collection);
 		},
 		onDelete :function(e){

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js
index 7aab1e2..118abf0 100644
--- a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js
@@ -32,6 +32,7 @@ define(function(require){
 	var ServicemanagerlayoutTmpl = require('hbs!tmpl/common/ServiceManagerLayout_tmpl');
 	var vUploadServicePolicy		= require('views/UploadServicePolicy');
 	var vDownloadServicePolicy		= require('views/DownloadServicePolicy');
+        var RangerServiceViewDetail = require('views/service/RangerServiceViewDetail');
 	require('Backbone.BootstrapModal');
 	return Backbone.Marionette.Layout.extend(
 	/** @lends Servicemanagerlayout */
@@ -45,7 +46,7 @@ define(function(require){
 				operation 	: SessionMgr.isSystemAdmin() || SessionMgr.isKeyAdmin(),
 				serviceDefs : this.collection.models,
 				services 	: this.services.groupBy("type"),
-				showImportExportBtn : SessionMgr.isUser() ? false : true
+                                showImportExportBtn : (SessionMgr.isUser() || XAUtil.isAuditorOrKMSAuditor(SessionMgr)) ? false : true
 			};
 			
 		},
@@ -65,7 +66,8 @@ define(function(require){
     		'downloadReport'      : '[data-id="downloadBtnOnService"]',
     		'uploadServiceReport' :'[data-id="uploadBtnOnServices"]',
     		'exportReport'      : '[data-id="exportBtn"]',
-        	'importServiceReport' :'[data-id="importBtn"]'
+                'importServiceReport' :'[data-id="importBtn"]',
+                'viewServices' : '[data-name="viewService"]'
     	},
 
 		/** ui events hash */
@@ -76,6 +78,7 @@ define(function(require){
 			events['click ' + this.ui.uploadServiceReport]	= 'uploadServiceReport';
 			events['click ' + this.ui.exportReport]	= 'downloadReport';
 			events['click ' + this.ui.importServiceReport]	= 'uploadServiceReport';
+                        events['click ' + this.ui.viewServices]   = 'viewServices';
 			return events;
 		},
     	/**
@@ -240,6 +243,26 @@ define(function(require){
 				});
 			}
 		},
+        viewServices : function(e){
+            var that =this;
+            var serviceId =  $(e.currentTarget).data('id');
+            var rangerService = that.services.find(function(m){return m.id == serviceId});
+            var serviceDef = that.collection.find(function(m){return m.get('name') == rangerService.get('type')});
+            var view = new RangerServiceViewDetail({
+                serviceDef : serviceDef,
+                rangerService : rangerService,
+
+            });
+            var modal = new Backbone.BootstrapModal({
+                animate : true,
+                content     : view,
+                title: localization.tt("h.serviceDetails"),
+                okText :localization.tt("lbl.ok"),
+                allowCancel : true,
+                escape : true
+            }).open();
+            modal.$el.find('.cancel').hide();
+        },
 		/** on close */
 		onClose: function(){
 		}

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js b/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js
index c8fc050..5d929c1 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js
@@ -370,12 +370,20 @@ define(function(require){
 						m.set('newValue',XAEnums.UserRoles.ROLE_SYS_ADMIN.label)
 					else if(newRole == "ROLE_KEY_ADMIN")
 						m.set('newValue',XAEnums.UserRoles.ROLE_KEY_ADMIN.label)
+                    else if(newRole == "ROLE_KEY_ADMIN_AUDITOR")
+                        m.set('newValue',XAEnums.UserRoles.ROLE_KEY_ADMIN_AUDITOR.label)
+                    else if(newRole == "ROLE_ADMIN_AUDITOR")
+                        m.set('newValue',XAEnums.UserRoles.ROLE_ADMIN_AUDITOR.label)
 					if(prevRole == "ROLE_USER")
 						m.set('previousValue',XAEnums.UserRoles.ROLE_USER.label)
 					else if(prevRole == "ROLE_SYS_ADMIN")
 						m.set('previousValue',XAEnums.UserRoles.ROLE_SYS_ADMIN.label)
 					else if(prevRole == "ROLE_KEY_ADMIN")
 						m.set('previousValue',XAEnums.UserRoles.ROLE_KEY_ADMIN.label)
+                    else if(prevRole == "ROLE_KEY_ADMIN_AUDITOR")
+                        m.set('previousValue',XAEnums.UserRoles.ROLE_KEY_ADMIN_AUIDTOR.label)
+                    else if(prevRole == "ROLE_ADMIN_AUDITOR")
+                        m.set('previousValue',XAEnums.UserRoles.ROLE_ADMIN_AUDITOR.label)
 				} else {
 					if(!m.has('attributeName'))
 						modelArr.push(m);

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
index e0470cf..db64ee6 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
@@ -34,6 +34,7 @@ define(function(require) {'use strict';
 	var RangerServiceDefList= require('collections/RangerServiceDefList');
 	var RangerPolicyList	= require('collections/RangerPolicyList');
 	var UseraccesslayoutTmpl= require('hbs!tmpl/reports/UserAccessLayout_tmpl');
+        var SessionMgr  	= require('mgrs/SessionMgr');
 
 	var UserAccessLayout 	= Backbone.Marionette.Layout.extend(
 	/** @lends UserAccessLayout */
@@ -45,7 +46,8 @@ define(function(require) {'use strict';
 		templateHelpers :function(){
 			return {
 				groupList : this.groupList,
-				policyHeaderList : this.policyCollList
+                                policyHeaderList : this.policyCollList,
+                                showImportExportBtn : (XAUtil.isAuditorOrKMSAuditor(SessionMgr)) ? false : true
 			};
 		},
 
@@ -465,6 +467,9 @@ define(function(require) {'use strict';
 			};
 			var permissions = this.getPermissionColumns(this[collName],collName,serviceDefName,subcolumns);
 			_.extend(columns,permissions);
+                        if(XAUtil.isAuditorOrKMSAuditor(SessionMgr)){
+                            columns.id.cell = 'string';
+                        }
 			return coll.constructor.getTableCols(columns, coll);
 		},
 		getPermissionColumns: function (coll,collName,serviceDefName,subcolumns){

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
new file mode 100644
index 0000000..3b2f67c
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/views/service/RangerServiceViewDetail.js
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require) {
+        'use strict';
+
+        var Backbone = require('backbone');
+        var XAEnums = require('utils/XAEnums');
+        var XAGlobals = require('utils/XAGlobals');
+        var XAUtils = require('utils/XAUtils');
+        var localization = require('utils/XALangSupport');
+
+        var RangerServiceViewDetailTmpl = require('hbs!tmpl/service/RangerServiceViewDetail_tmpl');
+        var RangerService = require('models/RangerService');
+
+        var RangerServiceView = Backbone.Marionette.Layout.extend({
+                _viewName: 'RangerServiceView',
+
+                template: RangerServiceViewDetailTmpl,
+                templateHelpers: function() {
+                    var that = this;
+
+                    return {
+               configsList : this.conf,
+               customConfigs : this.customConfigs,
+               serviceName : this.options.rangerService.get('name'),
+               description : this.options.rangerService.get('description'),
+               isEnabled   : this.options.rangerService.get('isEnabled'),
+               tagService  : (this.options.rangerService.get('tagService')) ? this.options.rangerService.get('tagService') : false,
+           }
+                },
+                breadCrumbs: [],
+
+                /**
+                 * intialize a new RangerServiceDiffDetaile Layout
+                 * @constructs
+                 */
+                initialize: function(options) {
+                    console.log("initialized a Ranger Service View Diff");
+                    var that = this;
+                    that.getTemplateForservice(this.options);
+                },
+                getTemplateForservice : function(options){
+                    var configList = options.serviceDef.get('configs');
+                    var serviceConfigs = options.rangerService.get('configs');
+                    var configs = {} , customConfigs = serviceConfigs;
+                    _.each(configList , function(m){
+                        if(m.label){
+                            configs[m.label] = serviceConfigs[m.name]
+                        }else{
+                            configs[m.name] = serviceConfigs[m.name]
+                        }
+                        customConfigs = _.omit(customConfigs , m.name);
+                    })
+                    this.conf = configs;
+                    if(_.isEmpty(customConfigs)){
+                        this.customConfigs = false
+                    }else{
+                        this.customConfigs = customConfigs;
+                    }
+                },
+                /** on close */
+                onClose: function() {}
+        });
+
+        return RangerServiceView;
+});

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js b/security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js
index d545a05..5ebd290 100644
--- a/security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js
+++ b/security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js
@@ -77,6 +77,10 @@ define(function(require){
 							this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_USER.value);
 						} else if(XAEnums.UserRoles[roleList[0]].value == XAEnums.UserRoles.ROLE_KEY_ADMIN.value){
 							this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_KEY_ADMIN.value);
+                        } else if(XAEnums.UserRoles[roleList[0]].value == XAEnums.UserRoles.ROLE_KEY_ADMIN_AUDITOR.value){
+                            this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_KEY_ADMIN_AUDITOR.value);
+                        } else if(XAEnums.UserRoles[roleList[0]].value == XAEnums.UserRoles.ROLE_ADMIN_AUDITOR.value){
+                            this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_ADMIN_AUDITOR.value);
 						} else {
 							this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_SYS_ADMIN.value);
 						}
@@ -118,6 +122,10 @@ define(function(require){
 				this.model.set('userRoleList',["ROLE_USER"]);
 			} else if(this.model.get('userRoleList') == XAEnums.UserRoles.ROLE_KEY_ADMIN.value){
 				this.model.set('userRoleList',["ROLE_KEY_ADMIN"]);
+            } else if(this.model.get('userRoleList') == XAEnums.UserRoles.ROLE_KEY_ADMIN_AUDITOR.value){
+                this.model.set('userRoleList',["ROLE_KEY_ADMIN_AUDITOR"]);
+            } else if(this.model.get('userRoleList') == XAEnums.UserRoles.ROLE_ADMIN_AUDITOR.value){
+                this.model.set('userRoleList',["ROLE_ADMIN_AUDITOR"]);
 			}
 		},
 		/** all post render plugin initialization */

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/users/GroupCreate.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/users/GroupCreate.js b/security-admin/src/main/webapp/scripts/views/users/GroupCreate.js
index b73f755..a764387 100644
--- a/security-admin/src/main/webapp/scripts/views/users/GroupCreate.js
+++ b/security-admin/src/main/webapp/scripts/views/users/GroupCreate.js
@@ -32,6 +32,7 @@ define(function(require){
 	var VXGroupList		= require('collections/VXGroupList');
 	var GroupForm		= require('views/users/GroupForm');
 	var GroupcreateTmpl = require('hbs!tmpl/users/GroupCreate_tmpl');
+        var SessionMgr      = require('mgrs/SessionMgr');
 
 	var GroupCreate = Backbone.Marionette.Layout.extend(
 	/** @lends GroupCreate */
@@ -93,7 +94,8 @@ define(function(require){
 			this.rForm.show(this.form);
 			this.rForm.$el.dirtyFields();
 			XAUtil.preventNavigation(localization.tt('dialogMsg.preventNavGroupForm'),this.rForm.$el);
-			if(!_.isUndefined(this.model.get('groupSource')) && this.model.get('groupSource') == XAEnums.GroupSource.XA_GROUP.value){
+                        if((!_.isUndefined(this.model.get('groupSource')) && this.model.get('groupSource') == XAEnums.GroupSource.XA_GROUP.value)
+                                || XAUtil.isAuditorOrKMSAuditor(SessionMgr)){
                                 this.ui.btnSave.prop( "disabled", true );
 			}
 		},

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/users/UserCreate.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/users/UserCreate.js b/security-admin/src/main/webapp/scripts/views/users/UserCreate.js
index b8c5894..e1afff1 100644
--- a/security-admin/src/main/webapp/scripts/views/users/UserCreate.js
+++ b/security-admin/src/main/webapp/scripts/views/users/UserCreate.js
@@ -32,6 +32,7 @@ define(function(require){
 	var UserTableLayout	= require('views/users/UserTableLayout');
 	var VXUserList		= require('collections/VXUserList');
 	var UserCreateTmpl  = require('hbs!tmpl/users/UserCreate_tmpl');
+        var SessionMgr		= require('mgrs/SessionMgr');
 
 	var UserCreate = Backbone.Marionette.Layout.extend(
 	/** @lends UserCreate */
@@ -100,7 +101,10 @@ define(function(require){
 			this.renderForm();
 			this.rForm.$el.dirtyFields();
 			XAUtil.preventNavigation(localization.tt('dialogMsg.preventNavUserForm'),this.rForm.$el);
-			},
+                if(XAUtil.isAuditorOrKMSAuditor(SessionMgr)){
+                    this.ui.btnSave.attr("disabled", true);
+                }
+                },
 		/** all post render plugin initialization */
 		initializePlugins: function(){
 		},

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/users/UserForm.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/users/UserForm.js b/security-admin/src/main/webapp/scripts/views/users/UserForm.js
index bd3730b..ee0d256 100644
--- a/security-admin/src/main/webapp/scripts/views/users/UserForm.js
+++ b/security-admin/src/main/webapp/scripts/views/users/UserForm.js
@@ -113,13 +113,13 @@ define(function(require){
 					type : 'Select',
 					options : function(callback, editor){
 
-						var userTypes = _.filter(XAEnums.UserRoles,function(m){
-							if(!SessionMgr.isKeyAdmin()){
-								return m.label != 'Unknown'	&& m.label != 'KeyAdmin';
-							} else {
-								return m.label != 'Unknown' && m.label != 'Admin';
-							}
-						});
+                        var userTypes = _.filter(XAEnums.UserRoles,function(m){
+                            if(!SessionMgr.isKeyAdmin()){
+                                return m.label != 'Unknown'	&& m.label != 'KeyAdmin' && m.label != 'KMSAuditor';
+                            } else {
+                                return m.label != 'Unknown' && m.label != 'Admin' && m.label != 'Auditor';
+                            }
+                        });
 						var nvPairs = XAUtils.enumToSelectPairs(userTypes);
 						callback(nvPairs);
 						editor.$el.val("0");
@@ -144,6 +144,10 @@ define(function(require){
 							this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_USER.value);
 						} else if(XAEnums.UserRoles[roleList[0]].value == XAEnums.UserRoles.ROLE_KEY_ADMIN.value){
 							this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_KEY_ADMIN.value);
+                        } else if(XAEnums.UserRoles[roleList[0]].value == XAEnums.UserRoles.ROLE_KEY_ADMIN_AUDITOR.value){
+                            this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_KEY_ADMIN_AUDITOR.value);
+                        } else if(XAEnums.UserRoles[roleList[0]].value == XAEnums.UserRoles.ROLE_ADMIN_AUDITOR.value){
+                            this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_ADMIN_AUDITOR.value);
 						} else {
 							this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_SYS_ADMIN.value);
 						}
@@ -241,7 +245,11 @@ define(function(require){
 				this.model.set('userRoleList',["ROLE_USER"]);
 			}else if(this.fields.userRoleList.getValue() == XAEnums.UserRoles.ROLE_KEY_ADMIN.value){
 				this.model.set('userRoleList',["ROLE_KEY_ADMIN"]);
-			}else{
+            } else if(this.fields.userRoleList.getValue() == XAEnums.UserRoles.ROLE_KEY_ADMIN_AUDITOR.value){
+                this.model.set('userRoleList',["ROLE_KEY_ADMIN_AUDITOR"]);
+            } else if(this.fields.userRoleList.getValue() == XAEnums.UserRoles.ROLE_ADMIN_AUDITOR.value){
+                this.model.set('userRoleList',["ROLE_ADMIN_AUDITOR"]);
+            } else{
 				this.model.set('userRoleList',["ROLE_SYS_ADMIN"]);
 			}
 			return true;
@@ -253,7 +261,11 @@ define(function(require){
 				this.model.set('userRoleList',["ROLE_USER"]);
 			}else if(this.fields.userRoleList.getValue() == XAEnums.UserRoles.ROLE_KEY_ADMIN.value){
 				this.model.set('userRoleList',["ROLE_KEY_ADMIN"]);
-			}else{
+            } else if(this.fields.userRoleList.getValue() == XAEnums.UserRoles.ROLE_KEY_ADMIN_AUDITOR.value){
+                this.model.set('userRoleList',["ROLE_KEY_ADMIN_AUDITOR"]);
+            } else if(this.fields.userRoleList.getValue() == XAEnums.UserRoles.ROLE_ADMIN_AUDITOR.value){
+                this.model.set('userRoleList',["ROLE_ADMIN_AUDITOR"]);
+            } else{
 				this.model.set('userRoleList',["ROLE_SYS_ADMIN"]);
 			}
 		},

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
index 9febd99..410a8ad 100644
--- a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
@@ -290,7 +290,7 @@ define(function(require){
 				name : {
 					label	: localization.tt("lbl.userName"),
 					href: function(model){
-						return '#!/user/'+ model.id;
+                                            return '#!/user/'+ model.id;
 					},
 					editable:false,
 					sortable:false,
@@ -372,6 +372,12 @@ define(function(require){
 					sortable:false
 				}
 			};
+                        if(!SessionMgr.isSystemAdmin()){
+                            delete cols.select;
+                        }
+            if(XAUtil.isAuditorOrKMSAuditor(SessionMgr)){
+                cols.name.cell = 'string';
+            }
 			return this.collection.constructor.getTableCols(cols, this.collection);
 		},
 		
@@ -416,7 +422,7 @@ define(function(require){
 				name : {
 					label	: localization.tt("lbl.groupName"),
 					href: function(model){
-						return '#!/group/'+ model.id;
+                                            return '#!/group/'+ model.id;
 					},
 					editable:false,
 					sortable:false,
@@ -464,6 +470,12 @@ define(function(require){
 					sortable:false
 				}
 			};
+            if(!SessionMgr.isSystemAdmin()){
+                delete cols.select;
+            }
+            if(XAUtil.isAuditorOrKMSAuditor(SessionMgr)){
+                cols.name.cell = 'string';
+            }
 			return this.groupList.constructor.getTableCols(cols, this.groupList);
 		},
 
@@ -614,10 +626,12 @@ define(function(require){
 				    	  valueMatches :function(facet, searchTerm, callback) {
 								switch (facet) {
 									case 'Role':
-										var roles = XAUtil.hackForVSLabelValuePairs(XAEnums.UserRoles);
-										var label  = SessionMgr.isSystemAdmin() || SessionMgr.isUser() ? XAEnums.UserRoles.ROLE_KEY_ADMIN.label
-													: XAEnums.UserRoles.ROLE_SYS_ADMIN.label;
-										callback(_.filter(roles, function(o) { return o.label !== label; }));
+                                        var userRoles ={};
+                                        _.map(XAUtil.getUserDataParams().userRoleList, function(obj){
+                                                userRoles[obj] = XAEnums.UserRoles[obj];
+                                        })
+                                        var roles = XAUtil.hackForVSLabelValuePairs(userRoles);
+                                        callback(roles);
 										break;
 									case 'User Source':
 										callback(XAUtil.hackForVSLabelValuePairs(XAEnums.UserTypes));

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/styles/xa.css
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/styles/xa.css b/security-admin/src/main/webapp/styles/xa.css
index 919e825..5ccbbc2 100644
--- a/security-admin/src/main/webapp/styles/xa.css
+++ b/security-admin/src/main/webapp/styles/xa.css
@@ -386,7 +386,6 @@ body {
 }
 /*  Seach Info btn*/
 .searchInfo{
-        margin-left:12px;
         color:#4c504b;
         font-size:larger;
 }
@@ -2233,7 +2232,9 @@ textarea:read-only{
 .label-margin{
     margin-left: 10px;
 }
-.shorten-label {
+.margin-left-min-30{
+        margin-left: -30px;
+}.shorten-label {
     max-width: 180px;
     text-overflow: ellipsis;
     overflow: hidden;

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html b/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
index d2ff968..31a9c26 100644
--- a/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
+++ b/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
@@ -50,9 +50,9 @@
 				{{#hasAccessToTab  'Users/Groups'}}
 					<li><a href="#!/users/usertab"><i class="icon-group"></i>{{tt 'h.usersOrGroups'}}</a></li>
 				{{/hasAccessToTab}}	
-				{{#isSystemAdmin .}}
+                                {{#if showPermissionTab}}
 					<li><a href="#!/permissions"><i class="icon-file-alt"></i> {{tt 'h.permissions'}}</a></li>
-				{{/isSystemAdmin}}	
+                                {{/if}}
 			</ul>
 		</li>
 		

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/helpers/XAHelpers.js b/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
index f8479e4..946b6a3 100644
--- a/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
+++ b/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
@@ -510,10 +510,16 @@
 				serviceName = serv.get('name');
 				if(SessionMgr.isSystemAdmin() || SessionMgr.isKeyAdmin()){
 					serviceOperationDiv = '<div class="pull-right">\
-					<a data-id="'+serv.id+'" class="btn btn-mini" href="#!/service/'+serviceDef.id+'/edit/'+serv.id+'" title="Edit"><i class="icon-edit"></i></a>\
-					<a data-id="'+serv.id+'" class="deleteRepo btn btn-mini btn-danger" href="javascript:void(0);" title="Delete">\
-					<i class="icon-trash"></i></a>\
-					</div>'
+                                            <a href="javascript:void(0);" data-name="viewService" data-id="'+serv.id+'" class="btn btn-mini" title="View"><i class="icon-eye-open "></i></a>\
+                                            <a data-id="'+serv.id+'" class="btn btn-mini" href="#!/service/'+serviceDef.id+'/edit/'+serv.id+'" title="Edit"><i class="icon-edit"></i></a>\
+                                            <a data-id="'+serv.id+'" class="deleteRepo btn btn-mini btn-danger" href="javascript:void(0);" title="Delete">\
+                                            <i class="icon-trash"></i></a>\
+                                           </div>'
+                                }
+                                if(XAUtil.isAuditorOrKMSAuditor(SessionMgr)){
+                                    serviceOperationDiv = '<div class="pull-right">\
+                                                <a href="javascript:void(0);" data-name="viewService" data-id="'+serv.id+'" class="btn btn-mini" title="View"><i class="icon-eye-open "></i></a>\
+                                           </div>'
 				}
 				tr += '<tr><td><div>\
 						<a data-id="'+serv.id+'" href="#!/service/'+serv.id+'/policies/'+policyType+'">'+_.escape(serv.attributes.name)+'</a>'+serviceOperationDiv+'\

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/templates/kms/KmsTableLayout_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/kms/KmsTableLayout_tmpl.html b/security-admin/src/main/webapp/templates/kms/KmsTableLayout_tmpl.html
index 8107148..2f42791 100644
--- a/security-admin/src/main/webapp/templates/kms/KmsTableLayout_tmpl.html
+++ b/security-admin/src/main/webapp/templates/kms/KmsTableLayout_tmpl.html
@@ -22,13 +22,16 @@
 			Select Service : <input type="text" name="serviceName" data-js="serviceName" style="margin-left: 17px;font-weight: normal;font-size: 13px;" >
 		</p>
 	</fieldset>
-	<div style=" margin-top: 14px; ">
-		<div class="span9">
-			<div class="visual_search"></div>
-		</div>
-		<div class="clearfix">
-			<a href="javascript:;" class="btn btn-primary btn-right" type="button" data-id="addNewKey"> {{tt 'lbl.addNewKey'}} </a>
-			<a href="#!/group/create" class="btn btn-primary btn-right" type="button" data-id="addNewGroup" style="display:none;"> {{tt 'lbl.addNewZone'}} </a>
+        <div>
+                <div class="row-fluid margin-bottom-11">
+                        <div class="span10">
+                <div class="visual_search"></div>
+            </div>
+        {{#isKeyadmin}}
+            <div class="span2">
+                <a href="javascript:;" class="btn btn-primary btn-right" type="button" data-id="addNewKey"> {{tt 'lbl.addNewKey'}} </a>
+            </div>
+        {{/isKeyadmin}}
 		</div>
 		<div data-id="r_tableList" class="clickable">
           <b class="_prevNav"></b>

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/templates/permissions/ModulePermsTableLayout_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/permissions/ModulePermsTableLayout_tmpl.html b/security-admin/src/main/webapp/templates/permissions/ModulePermsTableLayout_tmpl.html
index 52b36a1..4b35587 100644
--- a/security-admin/src/main/webapp/templates/permissions/ModulePermsTableLayout_tmpl.html
+++ b/security-admin/src/main/webapp/templates/permissions/ModulePermsTableLayout_tmpl.html
@@ -22,6 +22,6 @@
 
 		</div>
 		<div class="clearfix"></div>
-		<div data-id="r_table" class="clickable"></div>
+                <div data-id="r_table"></div>
 	</div>
 </div>

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html b/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
index c49dc32..bcd495c 100644
--- a/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
+++ b/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
@@ -36,18 +36,22 @@
 <h3 class="wrap-header bold"> {{tt 'lbl.listOfPolicies'}} : {{rangerService.attributes.name}} </h3>
 <div class="wrap non-collapsible m-height ">
 	<div>
-        <div>
-		<div class="span9">
-			<div class="visual_search"></div>
-		</div>
-
-                <i class="icon-info-sign searchInfo" title="Search Filter Hints" data-id="searchInfo"> </i>
-
-		<div class="clearfix">
-			<a data-js="addNewPolicy" href="#!/service/{{rangerService.id}}/policies/create/{{this.rangerPolicyType}}" class="btn btn-primary btn-right" type="button"> {{tt 'lbl.addNewPolicy'}} </a>
-		</div>
+        <div class="row-fluid margin-bottom-11">
+            <div class="span9">
+                <div class="visual_search"></div>
+            </div>
+            <div class="span1">
+                <i class="icon-info-sign searchInfo margin-left-min-30" title="Search Filter Hints" data-id="searchInfo"> </i>
+            </div>
+            <div class="span2">
+                <div class="clearfix btn-right">
+                    {{#if isNotAuditorAdminOrKmsAuditor}}
+                            <a data-js="addNewPolicy" href="#!/service/{{rangerService.id}}/policies/create/{{this.rangerPolicyType}}" class="btn btn-primary " type="button">{{tt 'lbl.addNewPolicy'}} </a>
+                    {{/if}}
                 </div>
-		<div data-id="r_table" class="clickable"></div>
+            </div>
+        </div>
+                <div data-id="r_table"></div>
 	</div>
 </div>
 

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/templates/reports/UserAccessLayout_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/reports/UserAccessLayout_tmpl.html b/security-admin/src/main/webapp/templates/reports/UserAccessLayout_tmpl.html
index e185742..3bd098d 100644
--- a/security-admin/src/main/webapp/templates/reports/UserAccessLayout_tmpl.html
+++ b/security-admin/src/main/webapp/templates/reports/UserAccessLayout_tmpl.html
@@ -107,6 +107,7 @@
 
 		</div>
 	</div>
+        {{#showImportExportBtn}}
 	<div class="row-fluid">
 	<span>
 		<div class="btn-group btn-right">
@@ -127,6 +128,7 @@
 	</span>
 		<a href="javascript:void(0)" data-id="downloadReport"></a>
 	</div>
+        {{/showImportExportBtn}}
 	<div class="row-fluid">
 		{{#each policyHeaderList}}
 		<h3 class="wrap-header bold reportSearchHeader" data-js="hdfsHeader" data-compHeader="{{this.serviceDefName}}">

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/templates/service/RangerServiceViewDetail_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/service/RangerServiceViewDetail_tmpl.html b/security-admin/src/main/webapp/templates/service/RangerServiceViewDetail_tmpl.html
new file mode 100644
index 0000000..d9fe51f
--- /dev/null
+++ b/security-admin/src/main/webapp/templates/service/RangerServiceViewDetail_tmpl.html
@@ -0,0 +1,120 @@
+{{!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+--}}
+<div id="serviceDetails" class="row-fluid">
+    <p class="formHeader">
+        {{tt 'h.serviceDetails'}} :
+    </p>
+    <table class="table table-bordered table-condensed">
+        <tbody>
+            <tr>
+                <td>
+                    {{tt 'lbl.serviceName'}}
+                </td>
+                <td>
+                    {{serviceName}}
+                </td>
+            </tr>
+            <tr>
+                <td>
+                    {{tt 'lbl.description'}}
+                </td>
+                {{#if description}}
+                    <td>
+                        {{description}}
+                    </td>
+                {{else}}
+                <td>
+                    --
+                </td>
+                {{/if}}
+            </tr>
+            <tr>
+                <td>
+                    {{tt 'lbl.activeStatus'}}
+                </td>
+                {{#if isEnabled}}
+                    <td>
+                        <span class="label label-info">Enabled</span>
+                    </td>
+                {{else}}
+                <td>
+                    <span class="label label-info">Disabled</span>
+                </td>
+                {{/if}}
+            </tr>
+            <tr>
+                <td>
+                    {{tt 'lbl.selectTagService'}}
+                </td>
+                <td>
+                    {{#compare tagService  "eq" ''}}
+                        <span>--</span>
+                    {{else}}
+                        <span class="label label-info">{{tagService}}</span>
+                    {{/compare}}
+                </td>
+            </tr>
+        </tbody>
+    </table>
+</div>
+<div id="configProperties" class="row-fluid">
+    <p class="formHeader">
+        {{tt 'h.configProperties'}}  :
+    </p>
+    <table class="table table-bordered table-condensed">
+        <tbody>
+            {{#each configsList}}
+                <tr>
+                    <td>
+                        {{@key}}
+                    </td>
+                    <td>
+                        {{#if this}}
+                            {{this}}
+                        {{else}}
+                            --
+                        {{/if}}
+                    </td>
+                </tr>
+            {{/each}}
+            <tr>
+                <td colspan="2"><b>{{tt 'lbl.addNewConfig'}} :</b></td>
+            </tr>
+            {{#if customConfigs}}
+                {{#each customConfigs}}
+                    <tr>
+                        <td>
+                            {{@key}}
+                        </td>
+                        <td>
+                            {{this}}
+                        </td>
+                    </tr>
+                {{/each}}
+            {{else}}
+                <tr>
+                    <td>
+                        --
+                    </td>
+                    <td>
+                        --
+                    </td>
+                </tr>
+            {{/if}}
+        </tbody>
+    </table>
+</div>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ranger/blob/4d05b156/security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html b/security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html
index b7d4967..69d7c3e 100644
--- a/security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html
+++ b/security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html
@@ -33,6 +33,7 @@
 			{{#isSystemAdmin .}}
 				<a href="javascript:void(0);" data-id="deleteUserGroup" title="Permanently delete selected users/groups" class="btn btn-primary btn-right btn-danger"><i class="icon-trash icon-large" /></a>
 			{{/isSystemAdmin}}
+      {{#isSystemAdmin .}}
       <div class="btn-group btn-right">
         <a class="btn btn-primary dropdown-toggle" data-toggle="dropdown" href="#">
           {{tt 'btn.setVisibility'}}
@@ -45,8 +46,9 @@
       </div>
       <a href="#!/user/create" class="btn btn-primary btn-right" type="button" data-id="addNewUser"> {{tt 'lbl.addNewUser'}} </a>
       <a href="#!/group/create" class="btn btn-primary btn-right" type="button" data-id="addNewGroup" style="display:none;"> {{tt 'lbl.addNewGroup'}} </a>
+      {{/isSystemAdmin}}
 		</div>
-		<div data-id="r_tableList" class="clickable">
+                <div data-id="r_tableList">
           <b class="_prevNav"></b>
 		</div>
 	</div>


Mime
View raw message