----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71800/#review218757 -----------------------------------------------------------
Ship it! Ship It! - Gautam Borad On Nov. 22, 2019, 8:52 a.m., Dhaval Shah wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71800/ > ----------------------------------------------------------- > > (Updated Nov. 22, 2019, 8:52 a.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Mehul Parikh, Nikhil > P, Pradeep Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2649 > https://issues.apache.org/jira/browse/RANGER-2649 > > > Repository: ranger > > > Description > ------- > > Preconditions : > User sync source is set to Unix (ranger.usersync.source.impl.class set to > org.apache.ranger.unixusersync.process.UnixUserGroupBuilder) > user2 is a unix user, and user2 is deleted in Ranger > > Steps : > 1.) Set ranger.usersync.group.based.role.assignment.rules to > ROLE_SYS_ADMIN:u:user2 > 2.) Restart Ranger > 3.) In ranger admin page go to Settings -> Users/Groups. Look for user2, and > observe it has the role 'User' > 4.) Restart Ranger again > 5.) Repeat step 3. but this time observe that user2 has the role 'Admin' > > > Expected behaviour : > user2 should get 'Admin' role right after the first restart. > > > Diffs > ----- > > > ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java > c113ece > > > Diff: https://reviews.apache.org/r/71800/diff/1/ > > > Testing > ------- > > 1.Successfully tested the role is getting set for username which is assigned > in ranger.usersync.group.based.role.assignment.rules in first sync itself. > 2.Successfully tested the role is getting set for groupname which is assigned > in ranger.usersync.group.based.role.assignment.rules in first sync itself. > 3.Tested roles are getting changed when users are already synced. > 4.Successfully tested, user with admin role when removed from group then user > is getting set to USER_ROLE. > > > Thanks, > > Dhaval Shah > >