ranger-dev mailing list archives

From "Gautam Borad" <gbo...@gmail.com>
Subject Review Request 40703: RANGER-743 : External users with Admin Role should be allowed to create/update users
Date Thu, 26 Nov 2015 03:08:56 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40703/
-----------------------------------------------------------

Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Ramesh
Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.


Bugs: RANGER-743
    https://issues.apache.org/jira/browse/RANGER-743


Repository: ranger


Description
-------

Patch contains changes that allow external users having the ADMIN role to create new users in
Ranger Admin. It was working before, and it failed after RANGER-630.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ee9d14b 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 3f2c041 
  security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java 40b08c4 

Diff: https://reviews.apache.org/r/40703/diff/


Testing
-------

**Env:**
OS: Linux
Database: MySQL/Any

**Issue:** External users are not allowed to create/update Ranger users.

**Steps Performed:**
a) Installed Ranger usersync with 'unix' sync method.
b) Logged in as the admin user and assigned the 'ADMIN' role to a newly synced user from the Ranger
UI, then logged out from the admin user.
c) Logged in as the synced user having the 'ADMIN' role.
d) Tried to create a user from the Ranger Admin UI.

**Expected Result:** User should have been created.

**Actual Result:** Create user request failed and the message 'Error Creating user' was displayed.

**Proposed Solution:** After receiving a successful auth token for external users from the Unix/LDAP/AD
server, fetch the authenticated user's roles from the DB and wrap them in the authenticated object so that the Spring
Security module can read the assigned role. The PreAuthorize annotation mapped on the REST API/method
shall allow only users authenticated with particular roles.

**Testing done with patch:** 1) UNIX/LDAP/AD users can create and update users.


Thanks,

Gautam Borad
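
The proposed solution in the message above, as an added example (not code from the RANGER-743 patch or the Ranger code base): a Spring Security provider that delegates authentication to the external provider and then rebuilds the token with roles read from the local DB. The class names, the `roleLookup` function and the `ROLE_SYS_ADMIN` authority string are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Function;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/** Hypothetical wrapper: authenticate externally, then take roles from the local DB. */
public class DbRoleEnrichingProvider implements AuthenticationProvider {
    private final AuthenticationProvider external;           // Unix/LDAP/AD provider
    private final Function<String, List<String>> roleLookup; // login -> DB roles, empty if unknown
    public DbRoleEnrichingProvider(AuthenticationProvider external,
                                   Function<String, List<String>> roleLookup) {
        this.external = external;
        this.roleLookup = roleLookup;
    }

    @Override
    public Authentication authenticate(Authentication request) throws AuthenticationException {
        Authentication result = external.authenticate(request);
        if (result == null || !result.isAuthenticated()) {
            return result; // never attach roles to a token the external server did not confirm
        }
        // Key the lookup on the name the external server authenticated, and take roles
        // only from the DB. An unknown user gets no authorities, so role checks fail closed.
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (String role : roleLookup.apply(result.getName())) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        UsernamePasswordAuthenticationToken enriched = new UsernamePasswordAuthenticationToken(
                result.getPrincipal(), result.getCredentials(), authorities);
        enriched.setDetails(result.getDetails());
        return enriched;
    }
    @Override
    public boolean supports(Class<?> authentication) {
        return external.supports(authentication);
    }
}

/** Hypothetical service method; "ROLE_SYS_ADMIN" is an assumed authority string. */
class UserAdminService {
    @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") // evaluated against the enriched token's authorities
    public String createUser(String loginId) { return loginId; }
}
```

The annotation is enforced only when Spring method security is enabled in the application context.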

