[ 
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17133901#comment-17133901
 ] 

RickyMa commented on RANGER-2856:
---------------------------------

[~madhan] : I added an if condition to dispel your worries about audit logs.

In our situation, we have a very high employee turnover rate and large numbers 
of employees. So we need to delete users in Ranger more frequently than others. 
That's why we are more likely to face this issue.

We have tens of thousands of policies in Ranger and as time goes by, most of 
them will be meaningless policies which have no policyItems.

And this can be a great performance issue in our condition, because a large 
number of useless policies are synchronized to plugins every time the policies 
are updated (created, updated, deleted). And every time Ranger is managing an 
access control, it has to filter a lot of redundant policies. This is a great 
performance issue, I think.

> A policy should be deleted if it has no policyItems
> ---------------------------------------------------
>
>                 Key: RANGER-2856
>                 URL: https://issues.apache.org/jira/browse/RANGER-2856
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin, Ranger
>    Affects Versions: master
>            Reporter: RickyMa
>            Priority: Minor
>             Fix For: master
>
>         Attachments: RANGER-2856.patch
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets 
> one user and no groups.
> Action: Delete the user in the policyItem using API: 
> 'http://ip:6080/service/xusers/users/{id}?forceDelete=true'
> Result: The policy still exists, but it has no policyItems. A policy with no 
> policyItems is completely meaningless and it should be deleted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
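
The condition in the issue description, as an added example that is not part of the original message or of the attached patch: an offline check over exported policy JSON that reports which policies would be left with no items once a given user is deleted. The field names are assumed to follow the RangerPolicy JSON model, and the function names and sample policies are constructed for illustration.

```python
# Added illustration, not Ranger's own code. Field names are assumed to match
# the RangerPolicy JSON model; the sample policies below are constructed.
ITEM_LISTS = ("policyItems", "denyPolicyItems", "allowExceptions",
              "denyExceptions", "dataMaskPolicyItems", "rowFilterPolicyItems")
PRINCIPALS = ("users", "groups", "roles")

def remove_user(policy, user):
    """Return a copy of the policy with `user` stripped from every item.
    Items left with no users, groups or roles are dropped."""
    out = dict(policy)
    for key in ITEM_LISTS:
        kept = []
        for item in policy.get(key) or []:
            users = [u for u in item.get("users") or [] if u != user]
            item = dict(item, users=users)
            if any(item.get(p) for p in PRINCIPALS):
                kept.append(item)
        out[key] = kept
    return out

def is_empty(policy):
    """True when the policy has no items in any of its item lists."""
    return not any(policy.get(key) for key in ITEM_LISTS)

def empty_after_delete(policies, user):
    """Ids of policies that have items now but none once `user` is deleted."""
    return [p["id"] for p in policies
            if not is_empty(p) and is_empty(remove_user(p, user))]

# Constructed sample data.
SAMPLE = [
    # The case from the issue: one item, one user, no groups.
    {"id": 1, "policyItems": [{"users": ["alice"], "groups": []}]},
    # A group remains on the item, so the policy is still meaningful.
    {"id": 2, "policyItems": [{"users": ["alice"], "groups": ["analysts"]}]},
    # A different user, unaffected by the deletion.
    {"id": 3, "policyItems": [{"users": ["bob"]}]},
    # Allow and deny items both reference only the deleted user.
    {"id": 4, "policyItems": [{"users": ["alice"]}],
     "denyPolicyItems": [{"users": ["alice"]}]},
    # Already empty before the deletion, so not attributed to it.
    {"id": 5, "policyItems": []},
]

if __name__ == "__main__":
    print(empty_after_delete(SAMPLE, "alice"))
```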
