Re: Review Request 71800: RANGER-2649 : Unix user doesn't get 'Admin' role when set through assignment rules

Fri, 22 Nov 2019 03:33:23 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71800/#review218757
-----------------------------------------------------------


Ship it!




Ship It!

- Gautam Borad


On Nov. 22, 2019, 8:52 a.m., Dhaval Shah wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71800/
> -----------------------------------------------------------
> 
> (Updated Nov. 22, 2019, 8:52 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Mehul Parikh, Nikhil 
> P, Pradeep Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2649
>     https://issues.apache.org/jira/browse/RANGER-2649
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Preconditions : 
> User sync source is set to Unix (ranger.usersync.source.impl.class set to 
> org.apache.ranger.unixusersync.process.UnixUserGroupBuilder)
> user2 is a unix user, and user2 is deleted in Ranger
> 
> Steps : 
> 1.) Set ranger.usersync.group.based.role.assignment.rules to 
> ROLE_SYS_ADMIN:u:user2
> 2.) Restart Ranger
> 3.) In ranger admin page go to Settings -> Users/Groups. Look for user2, and 
> observe it has the role 'User'
> 4.) Restart Ranger again
> 5.) Repeat step 3. but this time observe that user2 has the role 'Admin'
> 
> 
> Expected behaviour : 
> user2 should get 'Admin' role right after the first restart.
> 
> 
> Diffs
> -----
> 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
>  c113ece 
> 
> 
> Diff: https://reviews.apache.org/r/71800/diff/1/
> 
> 
> Testing
> -------
> 
> 1.Successfully tested the role is getting set for username which is assigned 
> in ranger.usersync.group.based.role.assignment.rules in first sync itself.
> 2.Successfully tested the role is getting set for groupname which is assigned 
> in ranger.usersync.group.based.role.assignment.rules in first sync itself.
> 3.Tested roles are getting changed when users are already synced.
> 4.Successfully tested, user with admin role when removed from group then user 
> is getting set to USER_ROLE.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>

Reply via email to