----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71615/#review218226 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java Lines 125 (patched) <https://reviews.apache.org/r/71615/#comment305821> To be consistent with validation on https://reviews.apache.org/r/71614/ check if role is part of other roles. - Velmurugan Periasamy On Oct. 15, 2019, 1:54 p.m., Nikhil P wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71615/ > ----------------------------------------------------------- > > (Updated Oct. 15, 2019, 1:54 p.m.) > > > Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, > Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-2618 > https://issues.apache.org/jira/browse/RANGER-2618 > > > Repository: ranger > > > Description > ------- > > When we try to delete a role associated with a ranger policy, the operation > is not allowed. Likewise, role edit for rolename change also should be > restricted. > Reason: > Rolename edit is allowed and the ranger policy still exists with old rolename > reference. Policy enforcement happens as per old policy. Rolename change is > not taken into consideration during policy download. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java > dfc5be89d > > > Diff: https://reviews.apache.org/r/71615/diff/2/ > > > Testing > ------- > > Tested on local vm whether rolename update is restricted if it exists in any > policy. > > > Thanks, > > Nikhil P > >
