[
https://issues.apache.org/jira/browse/RANGER-2601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036504#comment-17036504
]
Yijun Wang commented on RANGER-2601:
------------------------------------
We are using Ranger 2.0.0 as well. Here's a user case based on what we observed:
We assign ROLE_ADMIN_AUDITOR to group1, where user1 was part of it. And user1
just got removed from group1 in ldap.
After a ldapsync, user1 is removed from group1 in Ranger. However, it maintains
ROLE_ADMIN_AUDITOR.
For security reason, I think we should removed user1's role ROLE_ADMIN_AUDITOR
which assigned with group1. If user1 doesn't belong to any other group, we
should delete this user.
> Rangerusersync does not remove users from groups
> ------------------------------------------------
>
> Key: RANGER-2601
> URL: https://issues.apache.org/jira/browse/RANGER-2601
> Project: Ranger
> Issue Type: Bug
> Components: usersync
> Affects Versions: 2.0.0
> Reporter: t oo
> Priority: Major
>
> Usersync from ldap. Remove a user from a group in ldap. After next usersync
> the user is still in the group
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
