[ https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17133587#comment-17133587 ]
Madhan Neethiraj commented on RANGER-2856: ------------------------------------------ The side effect is deleting such policies is potential skipping of audit logs for the resources covered by the policy i.e. if there is no audit-enabled policy that matches the accessed resource, Ranger plugins would not generate audit logs. I suggest to not delete policies having no items automatically. > A policy should be deleted if it has no policyItems > --------------------------------------------------- > > Key: RANGER-2856 > URL: https://issues.apache.org/jira/browse/RANGER-2856 > Project: Ranger > Issue Type: Bug > Components: admin, Ranger > Affects Versions: master > Reporter: RickyMa > Priority: Minor > Fix For: master > > Attachments: RANGER-2856.patch > > Time Spent: 10m > Remaining Estimate: 0h > > Condition: A policy contains only one policyItem and the policyItem only sets > one user and no groups. > Action: Delete the user in the policyItem using API: > '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,] > Result: The policy still exists, but it has no policyItems. A policy with no > policyItems is completely meaningless and it should be deleted. -- This message was sent by Atlassian Jira (v8.3.4#803005)