ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Velmurugan Periasamy (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ARGUS-37) Delegated admin user should NOT be allowed to modify base policy
Date Fri, 05 Sep 2014 18:49:28 GMT

     [ https://issues.apache.org/jira/browse/ARGUS-37?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Velmurugan Periasamy updated ARGUS-37:
--------------------------------------
    Attachment: 0001-ARGUS-37-Delegated-Admin-should-NOT-be-able-to-modif.patch

> Delegated admin user should NOT be allowed to modify base policy
> ----------------------------------------------------------------
>
>                 Key: ARGUS-37
>                 URL: https://issues.apache.org/jira/browse/ARGUS-37
>             Project: Argus
>          Issue Type: Bug
>            Reporter: Velmurugan Periasamy
>            Assignee: Velmurugan Periasamy
>         Attachments: 0001-ARGUS-37-Delegated-Admin-should-NOT-be-able-to-modif.patch
>
>
> Currently delegated admin user is allowed to change the base policy for HBase/Knox. User
should be allowed to edit the policy and make access more restrictive and not broader.
> Steps to reproduce:
> 1. Login into system as admin
> 2. Create HBase policy with Tables=TBL1, ColumnFamilies=CF1  and assign it to "user"
( Note this user should be internal user ) with permissions as : Admin  ( Selecting Admin
will also highlight all other permissions )
> 3. Now login as "user"  ( As per policy in step 2, this user is now a "Delegated Admin"
user ) 
> 4. Click on Edit policy and add TBL2 to the list of Tables. Final set : Tables=TBL1,TBL2
ColumnFamilies=CF1
> 5. Click on save
> Expected result: User should be NOT be allowed to change the Tables ( since he/she was
delegated admin ONLY for TBL1/CF1)
> Actual result : The user is allowed to save the policy, which should not be case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message