[
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17134924#comment-17134924
]
Madhan Neethiraj commented on RANGER-2856:
------------------------------------------
Current callers of {{ServiceDBStore.updatePolicy()}} API, including the
following REST endpoints, expect to receive the updated policy as the return
value. If the policy is implicitly deleted, null is returned and the callers
need to be updated to handle this new behavior. Given there are applications
using REST APIs to integrate with Ranger, this change in behavior could cause
such integrations to break. Hence I suggest for a separate API to cleanup
policies that have no impact in authorization/audit.
- PublicAPIsv2.updatePolicy()
- PublicAPIsv2.updatePolicyByName()
- ServiceREST.updatePolicy()
- ServiceREST.createPolicy()
- ServiceREST.applyPolicy()
> A policy should be deleted if it has no policyItems
> ---------------------------------------------------
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
> Affects Versions: master
> Reporter: RickyMa
> Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets
> one user and no groups.
> Action: Delete the user in the policyItem using API:
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no
> policyItems is completely meaningless and it should be deleted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
