ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Velmurugan Periasamy (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ARGUS-37) Delegated admin user should NOT be allowed to modify base policy
Date Thu, 04 Sep 2014 22:03:24 GMT
Velmurugan Periasamy created ARGUS-37:

             Summary: Delegated admin user should NOT be allowed to modify base policy
                 Key: ARGUS-37
                 URL: https://issues.apache.org/jira/browse/ARGUS-37
             Project: Argus
          Issue Type: Bug
            Reporter: Velmurugan Periasamy

Currently delegated admin user is allowed to change the base policy for HBase/Knox. User should
be allowed to edit the policy and make access more restrictive and not broader.

Steps to reproduce:
1. Login into system as admin
2. Create HBase policy with Tables=TBL1, ColumnFamilies=CF1  and assign it to "user" ( Note
this user should be internal user ) with permissions as : Admin  ( Selecting Admin will also
highlight all other permissions )
3. Now login as "user"  ( As per policy in step 2, this user is now a "Delegated Admin" user
4. Click on Edit policy and add TBL2 to the list of Tables. Final set : Tables=TBL1,TBL2 ColumnFamilies=CF1
5. Click on save

Expected result: User should be NOT be allowed to change the Tables ( since he/she was delegated
admin ONLY for TBL1/CF1)

Actual result : The user is allowed to save the policy, which should not be case.

This message was sent by Atlassian JIRA

View raw message