-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72626/#review221191
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On July 10, 2020, 11:22 a.m., Dineshkumar Yadav wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72626/
> -----------------------------------------------------------
>
> (Updated July 10, 2020, 11:22 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Kishor Gollapalliwar, Abhay Kulkarni,
Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Ranger user having role as "user" with delegate admin permission able to create policy
which has non-existing users/groups/roles in the specified policy.
> only admin users should be able to create policy with new users/groups/roles on the fly
creation of users/groups/roles.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 6bd06f484
> security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 4fb21a094
> security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java ff8e2ba43
>
>
> Diff: https://reviews.apache.org/r/72626/diff/2/
>
>
> Testing
> -------
>
> Without patch steps
> 1. Create user with role “user”
> 2. Give him delegate admin role.
> 3. Create policy using curl request where specified policy should include non existing
user/group.
> 4. It will be able to create the policy.
>
> With patch same steps will give error “operation denied user/group specified in policy
does not exist in ranger admin.”
>
>
> Thanks,
>
> Dineshkumar Yadav
>
>
|