-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72626/#review221191
-----------------------------------------------------------
Ship it!

Ship It!

- Madhan Neethiraj


On July 10, 2020, 11:22 a.m., Dineshkumar Yadav wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72626/
> -----------------------------------------------------------
>
> (Updated July 10, 2020, 11:22 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Kishor Gollapalliwar,
> Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Ranger user having role as "user" with delegate admin permission is able to
> create policy which has non-existing users/groups/roles in the specified
> policy.
> Only admin users should be able to create policy with new users/groups/roles
> on the fly creation of users/groups/roles.
>
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
> 6bd06f484
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
> 4fb21a094
>   security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
> ff8e2ba43
>
>
> Diff: https://reviews.apache.org/r/72626/diff/2/
>
>
> Testing
> -------
>
> Without patch steps
> 1. Create user with role “user”
> 2. Give him delegate admin role.
> 3. Create policy using curl request where specified policy should
> include non existing user/group.
> 4. It will be able to create the policy.
>
> With patch same steps will give error “operation denied user/group specified
> in policy does not exist in ranger admin.”
>
>
> Thanks,
>
> Dineshkumar Yadav
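
The rule in the description above, sketched as an added example that is not part of the review request or the Ranger patch. All class, method and principal names are hypothetical and the error text is constructed; it assumes the caller's admin status is already known and checks every reference before creating anything, so a denied request leaves no new principals behind.

```java
import java.util.*;

// Hypothetical model, not Ranger's classes: a principal store plus the
// create-on-reference rule from the review description.
public class PolicyRefCheck {
    enum Kind { USER, GROUP, ROLE }
    record Ref(Kind kind, String name) {}

    // Constructed sample store of principals already known to the admin service.
    private final Set<Ref> known = new HashSet<>(List.of(
        new Ref(Kind.USER, "alice"), new Ref(Kind.GROUP, "analysts")));

    /** Resolve every principal a policy names before the policy is saved. */
    void resolveRefs(boolean callerIsAdmin, List<Ref> policyRefs) {
        // Collect all missing refs first so a denial leaves no partial state.
        List<Ref> missing = new ArrayList<>();
        for (Ref r : policyRefs) {
            if (!known.contains(r) && !missing.contains(r)) missing.add(r);
        }
        if (missing.isEmpty()) return;
        if (!callerIsAdmin) {
            // Delegated admin on a resource is not permission to create principals.
            throw new SecurityException(
                "operation denied: principal specified in policy does not exist: " + missing);
        }
        known.addAll(missing); // only admins create principals on the fly
    }

    public static void main(String[] args) {
        PolicyRefCheck svc = new PolicyRefCheck();
        // Constructed policy references: one existing user, two unknown principals.
        List<Ref> refs = List.of(new Ref(Kind.USER, "alice"),
            new Ref(Kind.USER, "ghost"), new Ref(Kind.ROLE, "auditor"));
        try {
            svc.resolveRefs(false, refs); // role "user" with delegate admin
        } catch (SecurityException e) {
            System.out.println("delegated admin: " + e.getMessage());
        }
        System.out.println("ghost exists after denial? "
            + svc.known.contains(new Ref(Kind.USER, "ghost")));
        svc.resolveRefs(true, refs); // admin caller
        System.out.println("ghost exists after admin request? "
            + svc.known.contains(new Ref(Kind.USER, "ghost")));
    }
}
```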
