-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/#review198779
-----------------------------------------------------------

security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java
Lines 133 (patched)
<https://reviews.apache.org/r/65914/#comment279017>

session is not null here


security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
Lines 738 (patched)
<https://reviews.apache.org/r/65914/#comment279018>

session is not null here


security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java
Lines 580 (patched)
<https://reviews.apache.org/r/65914/#comment279019>

The same blockAuditorRoleUser method is copied everywhere. Please move this method to a separate service, and write a unit test for it. As it is called everywhere, it is important that it works as expected.


- Zsombor Gegesy


On March 7, 2018, 9:03 a.m., Fatima Khan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65914/
> -----------------------------------------------------------
>
> (Updated March 7, 2018, 9:03 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
>
>
> Bugs: Ranger-1948
>     https://issues.apache.org/jira/browse/Ranger-1948
>
>
> Repository: ranger
>
>
> Description
> -------
>
> This Jira is to cater to the need for Auditor roles in Ranger Admin.
>
> We can introduce Auditor Roles for both the Administrator Roles in Ranger Admin.
> * Auditor (Read-only privileges from current Admin role user)
> * KMS Auditor (Read-only privileges from current Keyadmin role user)
>
>
> Diffs
> -----
>
>   security-admin/scripts/rolebasedusersearchutil.py d651461
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java 840bb38
>   security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ecde444
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84
>   security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f
>   security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 8341a73
>   security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035
>   security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa
>   security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java e31e9d7
>   security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 0e99be1
>   security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java bcf9080
>   security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java d3a28f7
>   security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java cb7ca52
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java 9c19bb0
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3
>   security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java 6951cbd
>   security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 4227d85
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 87da9a0
>   unixauthservice/scripts/install.properties 88bce69
>
>
> Diff: https://reviews.apache.org/r/65914/diff/2/
>
>
> Testing
> -------
>
> Tested scenarios:
> 1. Tested admin user is able to create User role user.
> 2. Tested admin user is able to create Auditor role user.
> 3. Tested admin user is not able to create kms auditor role user.
> 4. Tested keyadmin user is able to create kms auditor.
> 5. Tested auditor is able to only view policies, users, services and audits.
> 6. Tested kms auditor is able to only view policies, users, services, audits and keys.
> 7. Tested auditor is able to see permission tab but kms auditor should not see permission tab.
> 8. Auditor role users are not allowed to import/export policies
> 9. Verified syncing of users from auditor role :: if we add them in properties install.properties of usersync during initial start of usersync. Property value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES=&ROLE_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:g:groupName&ROLE_ADMIN_AUDITOR:g:groupName
>
>
> Thanks,
>
> Fatima Khan
>
>