> On March 7, 2018, 10:43 a.m., Zsombor Gegesy wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java
> > Lines 580 (patched)
> > <https://reviews.apache.org/r/65914/diff/2/?file=1972206#file1972206line580>
> >
> >     The same blockAuditorRoleUser method is copied everywhere.
> >     
> >     Please move this method to a separate service, and write a unit test 
> > for it. As it is called everywhere it is important to work as expected

@Fatima : I think you can copy that method in RangerBizUtil.java file. see if 
that can fit there and works fine.


- Pradeep


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/#review198779
-----------------------------------------------------------


On March 7, 2018, 9:03 a.m., Fatima Khan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65914/
> -----------------------------------------------------------
> 
> (Updated March 7, 2018, 9:03 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: Ranger-1948
>     https://issues.apache.org/jira/browse/Ranger-1948
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> This Jira is to cater to need of Auditor roles in Ranger Admin.  
> 
> We can introduce Auditor Roles for both the Administrator Roles in Ranger 
> Admin. 
> * Auditor (Readonly privileges from current Admin role user )
> * KMS Auditor (Readonly privileges from current Keydmin role user )
> 
> 
> Diffs
> -----
> 
>   security-admin/scripts/rolebasedusersearchutil.py d651461 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java 
> 840bb38 
>   security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
> 224f1a0 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> ecde444 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 
>   security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f 
>   security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 8341a73 
>   security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 
>   security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 
>   security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 
> e31e9d7 
>   security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 
> 0e99be1 
>   security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java 
> bcf9080 
>   
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
>  d3a28f7 
>   security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> cb7ca52 
>   
> security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java 
> 9c19bb0 
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
>  6951cbd 
>   security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 
> 4227d85 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
> 87da9a0 
>   unixauthservice/scripts/install.properties 88bce69 
> 
> 
> Diff: https://reviews.apache.org/r/65914/diff/2/
> 
> 
> Testing
> -------
> 
> Tested scenario's:
> 1.Tested admin user is able to create User role user.
> 2.Tested admin user is able to create Auditor role user.
> 3.Tested admin user is not able to create kms auditor role user.
> 4.Tested keyadmin user is able to create kms auditor.
> 5.Tested auditor is able to only view policies, users, services and audits.
> 6.Tested kms auditor is able to only view policies, users, services, audits 
> and keys.
> 7.Tested auditor is able to see permission tab but kms auditor should not see 
> permission tab.
> 8.Auditor role users are  not allowed to import/export policies
> 9.Verified syncing of users from auditor role :: if we add them in properties 
> install.properties of usersync during initial start of usersync.Property 
> value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= 
> &ROLE_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:g:groupName&ROLE_ADMIN_AUDITOR:g:groupName
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Reply via email to