-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/
-----------------------------------------------------------
(Updated March 7, 2018, 9:03 a.m.)
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni,
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and
Sailaja Polavarapu.
Bugs: Ranger-1948
https://issues.apache.org/jira/browse/Ranger-1948
Repository: ranger
Description
-------
This Jira is to cater to need of Auditor roles in Ranger Admin.
We can introduce Auditor Roles for both the Administrator Roles in Ranger
Admin.
* Auditor (Readonly privileges from current Admin role user )
* KMS Auditor (Readonly privileges from current Keydmin role user )
Diffs (updated)
-----
security-admin/scripts/rolebasedusersearchutil.py d651461
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7
security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java 840bb38
security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60
security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
ecde444
security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84
security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f
security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 8341a73
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035
security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa
security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
e31e9d7
security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
0e99be1
security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
bcf9080
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
d3a28f7
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java cb7ca52
security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java
9c19bb0
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3
security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
6951cbd
security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java
4227d85
security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
87da9a0
unixauthservice/scripts/install.properties 88bce69
Diff: https://reviews.apache.org/r/65914/diff/2/
Changes: https://reviews.apache.org/r/65914/diff/1-2/
Testing
-------
Tested scenario's:
1.Tested admin user is able to create User role user.
2.Tested admin user is able to create Auditor role user.
3.Tested admin user is not able to create kms auditor role user.
4.Tested keyadmin user is able to create kms auditor.
5.Tested auditor is able to only view policies, users, services and audits.
6.Tested kms auditor is able to only view policies, users, services, audits and
keys.
7.Tested auditor is able to see permission tab but kms auditor should not see
permission tab.
8.Auditor role users are not allowed to import/export policies
9.Verified syncing of users from auditor role :: if we add them in properties
install.properties of usersync during initial start of usersync.Property value
in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES=
&ROLE_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:g:groupName&ROLE_ADMIN_AUDITOR:g:groupName
Thanks,
Fatima Khan
