----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68096/ -----------------------------------------------------------
Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, suja s, and Velmurugan Periasamy. Bugs: RANGER-2168 https://issues.apache.org/jira/browse/RANGER-2168 Repository: ranger Description ------- **Problem Statement:** Currently only user with admin role or a delegated admin user can create the policy. We can possibly have a service admin user who can be allowed to create policy. Such users can be configured in the service config itself and can be removed by admin anytime. **Proposed Solution:** Allow admin/keyadmin role users to add a custom service config property 'service.admin.users' through service page. Users provided in 'service.admin.users' can be internal or external and can have any role. Users provided in 'service.admin.users' should able to create/update/delete/view policies of that ranger service. Diffs ----- security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 8efc950ce security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java e4449df2e Diff: https://reviews.apache.org/r/68096/diff/1/ Testing ------- **Steps Performed:** Created an internal user testuser in the Ranger admin. Added a hive service 'hivedev' in Ranger. **Action-1**: Logged in from 'testuser' and tried to create a policy 'testpolicy' in 'hivedev' service. **Expected Behaviour**: Policy creation should fail. **Actual Behaviour**: Policy creation failed. **Action-2.1**: Logged in from ranger admin user and added a custom property 'service.admin.users' in 'hivedev' service and provided value 'testuser' in the given text box. Saved the 'hivedev' service. **Action-2.2**: Logged in from 'testuser' and tried to create a policy 'testpolicy' in 'hivedev' service. **Expected Behaviour**: Policy creation should successful. **Actual Behaviour**: Policy creation finished successfully. Tested Policy updation and deletion which also executed successfully. **Action-3.1**: Logged in from ranger admin user and removed custom property 'service.admin.users' from 'hivedev' service. Saved the 'hivedev' service. **Action-3.2**: Logged in from 'testuser' and tried to create a policy 'testpolicy1' in 'hivedev' service. **Expected Behaviour**: Policy creation should fail. **Actual Behaviour**: Policy creation failed. Thanks, Pradeep Agrawal