ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alok Lal (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-205) Delete rest api of User not deleting user completely from system
Date Tue, 06 Jan 2015 18:31:35 GMT

    [ https://issues.apache.org/jira/browse/RANGER-205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14266518#comment-14266518

Alok Lal commented on RANGER-205:

Thanks [~gautamborad].

Here are my views on the design items that you had posed:
# It would be best to disable a user rather than delete it based on the reason given by [~shreymehrotra]
— preserving the links to historical data, e.g. audit.
# We should not touch external users.  I appreciate the use case you are after here, of course.
 Let me state here to be sure. Say, a user gets picked up by our user sync process but ranger
admin feels that that user should not have access.  In that case the admin may need an override
to remove/disable that user.  That use case is valid.  My hope is that in such cases that
offending user's access would have been revoked in the ldap itself.  Perhaps a good way to
address might be to provide a way to coax user sync to run on demand, i.e. override its usual
every 8 hours run schedule.  One also hopes that such needs are not frequent.
# If all the users/groups referred to by a user get deleted (i.e. disabled as discussed in
#1 above) then ideally we should disable that policy, i.e. not delete it.  For similar reasons
for user deletion.
# Since UI allows for internal users it should be possible to delete (disable) users.
# Currently UI does not allow group creation (i.e. today all groups are external groups with
exception of public group which has special processing rules around it too.).  IMO we should
allow internal group creation via UI.

Please correct if any assumptions that I might have made above are incorrect.

> Delete rest api of User not deleting user completely from system
> ----------------------------------------------------------------
>                 Key: RANGER-205
>                 URL: https://issues.apache.org/jira/browse/RANGER-205
>             Project: Ranger
>          Issue Type: Bug
>    Affects Versions: 0.4.0
>            Reporter: Hanish Bansal
> Delete rest api of user is removing entry from x_user table of database and not from
x_portal_user table so user get invisible from UI and api return success status.
> Due to which if a user is updated to have username/email-id of deleted user, it will
error message that this username/email-id already exists.
> Also if a new user is created with user-name of deleted user, user get successfully created
but his/her details are mapped with deleted user.
> Rest apis used are:
> {quote}
> DELETE http://<ip>:6080/service/xusers/users/userName/<username>
> DELETE http://<ip>:6080/service/xusers/users/<id>
> {quote}
> Expected result:
> Apis should remove entry from both tables x_user and x_portal_user.

This message was sent by Atlassian JIRA

View raw message