Sailaja Polavarapu created RANGER-2531:
------------------------------------------
Summary: Removing a user from a group is not reflected properly in
unix based sync.
Key: RANGER-2531
URL: https://issues.apache.org/jira/browse/RANGER-2531
Project: Ranger
Issue Type: Improvement
Components: usersync
Reporter: Sailaja Polavarapu
Assignee: Sailaja Polavarapu
Ranger Usersync is configured with Unix sync source. When a user is removed
from a group using "usermod" command, the changes are not propagated to ranger
admin properly.
Also, when a user is removed from a group that is defined in the role
assignment rules (as sys_admin or key_admin), then the user is still marked
with sys_admin or key_admin privilege in range admin.
For example, I have configured
"ranger.usersync.group.based.role.assignment.rules" with value
""&ROLE_SYS_ADMIN:g:hadoop". Any users that belong to hadoop group will have
Ranger Admin privilege.
Later when a user is removed from hadoop group, then the privilege for this
user should be reset to "User" which is not happening.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
