Re: Review Request 72735: RANGER-2940: Added code to update user roles when group memberships are changed with AD/LDAP incremental sync

Mon, 24 Aug 2020 10:15:44 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72735/#review221688
-----------------------------------------------------------


Ship it!




Ship It!

- Abhay Kulkarni


On Aug. 5, 2020, 6:30 p.m., Sailaja Polavarapu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72735/
> -----------------------------------------------------------
> 
> (Updated Aug. 5, 2020, 6:30 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2940
>     https://issues.apache.org/jira/browse/RANGER-2940
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> For AD/LDAP with incremental sync, usersync doesn't cache the user groups 
> information. When a group memberships are update in AD/LDAP, role assignments 
> for users in that group need to be recomputed based on the configured rules 
> and other groups these users belong to. Since Ranger admin has all the 
> information of all the groups these users belong to, added code to compute 
> roles at ranger admin side. Added new API to update role assignments for 
> users by passing the list of users and the configured role assignments from 
> usersync to ranger admin.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 6a5ca7bca 
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 
> 8ad5badaf 
>   
> security-admin/src/main/java/org/apache/ranger/view/VXUsersGroupRoleAssignments.java
>  PRE-CREATION 
>   
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
>  8dc05b016 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UserGroupList.java 
> 4553d020f 
> 
> 
> Diff: https://reviews.apache.org/r/72735/diff/1/
> 
> 
> Testing
> -------
> 
> 1. Patched cluster and tested funcationality by modifying group memberships 
> in Active Directory
> 2. Verified existing unit tests are successful
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>

Reply via email to