-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72626/
-----------------------------------------------------------

(Updated July 1, 2020, 7:05 a.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.


Repository: ranger


Description
-------

A Ranger user having the role "user" with delegate admin permission is able to create a policy which has non-existing users/groups/roles in the specified policy. Only admin users should be able to create a policy with new users/groups/roles (on-the-fly creation of users/groups/roles).


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 9ce481c63
  security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 4fb21a094
  security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java ff8e2ba43


Diff: https://reviews.apache.org/r/72626/diff/1/


Testing
-------

Steps without the patch:
1. Create a user with the role “user”.
2. Give him the delegate admin role.
3. Create a policy using a curl request, where the specified policy should include a non-existing user/group.
4. It will be able to create the policy.

With the patch, the same steps will give the error “operation denied user/group specified in policy does not exist in ranger admin.”


Thanks,

Dineshkumar Yadav
