[jira] [Commented] (RANGER-2618) Restrict rolename change when a policy/another role with that role exist

Nikhil Purbhe (Jira) Thu, 17 Oct 2019 04:45:35 -0700


    [ 
https://issues.apache.org/jira/browse/RANGER-2618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16953661#comment-16953661
 ]


Nikhil Purbhe commented on RANGER-2618:
---------------------------------------

patch committed on apache 
[master|https://github.com/apache/ranger/commit/c267ee7ef05078eea77770f7a4701d3189d05ca1]

> Restrict rolename change when a policy/another role with that role exist
> ------------------------------------------------------------------------
>
>                 Key: RANGER-2618
>                 URL: https://issues.apache.org/jira/browse/RANGER-2618
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>            Reporter: suja s
>            Assignee: Nikhil Purbhe
>            Priority: Major
>
> When we try to delete a role associated with a ranger policy, the operation 
> is not allowed. Likewise, role edit for rolename change also should be 
> restricted.
> Reason:
> Rolename edit is allowed and the ranger policy still exists with old rolename 
> reference. Policy enforcement happens as per old policy. Rolename change is 
> not taken into consideration during policy download.
>  similarly for role which exist in another role rolename update should be 
> restricted



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (RANGER-2618) Restrict rolename change when a policy/another role with that role exist

Reply via email to