[
https://issues.apache.org/jira/browse/RANGER-2618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nikhil Purbhe updated RANGER-2618:
----------------------------------
Description:
When we try to delete a role associated with a ranger policy, the operation is
not allowed. Likewise, role edit for rolename change also should be restricted.
Reason:
Rolename edit is allowed and the ranger policy still exists with old rolename
reference. Policy enforcement happens as per old policy. Rolename change is not
taken into consideration during policy download.
similarly for role which exist in another role rolename update should be
restricted
was:
When we try to delete a role associated with a ranger policy, the operation is
not allowed. Likewise, role edit for rolename change also should be restricted.
Reason:
Rolename edit is allowed and the ranger policy still exists with old rolename
reference. Policy enforcement happens as per old policy. Rolename change is not
taken into consideration during policy download.
> Restrict rolename change when a policy/another role with that role exist
> ------------------------------------------------------------------------
>
> Key: RANGER-2618
> URL: https://issues.apache.org/jira/browse/RANGER-2618
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Reporter: suja s
> Assignee: Nikhil Purbhe
> Priority: Major
>
> When we try to delete a role associated with a ranger policy, the operation
> is not allowed. Likewise, role edit for rolename change also should be
> restricted.
> Reason:
> Rolename edit is allowed and the ranger policy still exists with old rolename
> reference. Policy enforcement happens as per old policy. Rolename change is
> not taken into consideration during policy download.
> similarly for role which exist in another role rolename update should be
> restricted
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
