ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bolke de Bruin (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-980) User sync does not delete users if they do not exist anymore
Date Tue, 10 May 2016 08:12:12 GMT
Bolke de Bruin created RANGER-980:
-------------------------------------

             Summary: User sync does not delete users if they do not exist anymore
                 Key: RANGER-980
                 URL: https://issues.apache.org/jira/browse/RANGER-980
             Project: Ranger
          Issue Type: Bug
          Components: usersync
    Affects Versions: 0.6.0, 0.5.3
            Reporter: Bolke de Bruin
            Priority: Critical


usersync for all sources creates users and groups, but does not delete them from Ranger's
database if these users and groups do not exists anymore in the original source.

So if you have for example a user called "bob" and bob leaves the company his access rights
will continue to exist in Ranger. If a new employee comes in that is also "bob" he is immediately
granted the same access as the previous employee. This creates security incidents.

In a reasonable complex company it cannot be expected that another user administration is
being taken care of, while deletion could and should happen automatically.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message