[
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17134919#comment-17134919
]
RickyMa commented on RANGER-2856:
---------------------------------
[~madhan] - Alright, I can add this REST API. But I am still a little confused
about this. After discussing this issue with my collegues, we all think that
deleting a policy which has no policyItems and audit log is disabled is
completely safe. There will be only benefits and no harm. A policy like this is
useless and it will only increase overhead expense. Especially when you have
tens of thousands of policies like this in your system, which is a serious
performance issue.
Could you please explain it to me why we should keep such policies? Thanks a
lot.
> A policy should be deleted if it has no policyItems
> ---------------------------------------------------
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
> Affects Versions: master
> Reporter: RickyMa
> Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets
> one user and no groups.
> Action: Delete the user in the policyItem using API:
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no
> policyItems is completely meaningless and it should be deleted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
