----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71614/#review218229 -----------------------------------------------------------
Fix it, then Ship it! security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java Lines 194 (patched) <https://reviews.apache.org/r/71614/#comment305825> Only the count is needed here; consider avoiding retrieval of entire XXPolicyRefRole objects here. Add a query that will return number of references, and check for "refCount > 1" here - like: Long roleRefCount = daoMgr.getXXPolicyRefRole().findRoleRefCount(roleName); return roleRefCount < 1; Same for line #200. - Madhan Neethiraj On Oct. 16, 2019, 9:26 a.m., Nikhil P wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71614/ > ----------------------------------------------------------- > > (Updated Oct. 16, 2019, 9:26 a.m.) > > > Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, > Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-2617 > https://issues.apache.org/jira/browse/RANGER-2617 > > > Repository: ranger > > > Description > ------- > > Scenario: > Create a role r1 > Create a ranger policy for role r1 > Try to delete role > Role delete is not allowed as a policy exists with the specified role. > > Response: XXRole can't be deleted > > Expected: > Descriptive message with details on why the operation is not allowed > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java > dfc5be89d > > > Diff: https://reviews.apache.org/r/71614/diff/3/ > > > Testing > ------- > > Tested on local VM if descriptive response is given If role delete is not > allowed. > > > Thanks, > > Nikhil P > >
