----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72626/ -----------------------------------------------------------
(Updated July 10, 2020, 11:22 a.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy. Changes ------- change code for specific message for handling different scenario Repository: ranger Description ------- Ranger user having role as "user" with delegate admin permission able to create policy which has non-existing users/groups/roles in the specified policy. only admin users should be able to create policy with new users/groups/roles on the fly creation of users/groups/roles. Diffs (updated) ----- security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 6bd06f484 security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 4fb21a094 security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java ff8e2ba43 Diff: https://reviews.apache.org/r/72626/diff/2/ Changes: https://reviews.apache.org/r/72626/diff/1-2/ Testing ------- Without patch steps 1. Create user with role “user” 2. Give him delegate admin role. 3. Create policy using curl request where specified policy should include non existing user/group. 4. It will be able to create the policy. With patch same steps will give error “operation denied user/group specified in policy does not exist in ranger admin.” Thanks, Dineshkumar Yadav