-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72735/
-----------------------------------------------------------
Review request for ranger, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, and
Velmurugan Periasamy.
Bugs: RANGER-2940
https://issues.apache.org/jira/browse/RANGER-2940
Repository: ranger
Description
-------
For AD/LDAP with incremental sync, usersync doesn't cache the user groups
information. When a group memberships are update in AD/LDAP, role assignments
for users in that group need to be recomputed based on the configured rules and
other groups these users belong to. Since Ranger admin has all the information
of all the groups these users belong to, added code to compute roles at ranger
admin side. Added new API to update role assignments for users by passing the
list of users and the configured role assignments from usersync to ranger admin.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 6a5ca7bca
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 8ad5badaf
security-admin/src/main/java/org/apache/ranger/view/VXUsersGroupRoleAssignments.java
PRE-CREATION
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
8dc05b016
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UserGroupList.java
4553d020f
Diff: https://reviews.apache.org/r/72735/diff/1/
Testing
-------
1. Patched cluster and tested funcationality by modifying group memberships in
Active Directory
2. Verified existing unit tests are successful
Thanks,
Sailaja Polavarapu
