[
https://issues.apache.org/jira/browse/RANGER-2531?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj updated RANGER-2531:
-------------------------------------
Issue Type: Bug (was: Improvement)
> Removing a user from a group is not reflected properly in unix based sync.
> --------------------------------------------------------------------------
>
> Key: RANGER-2531
> URL: https://issues.apache.org/jira/browse/RANGER-2531
> Project: Ranger
> Issue Type: Bug
> Components: usersync
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Priority: Major
> Fix For: 2.1.0
>
> Attachments:
> 0001-RANGER-2531-Removing-a-user-from-a-group-is-not-refl.patch
>
>
> Ranger Usersync is configured with Unix sync source. When a user is removed
> from a group using "usermod" command, the changes are not propagated to
> ranger admin properly.
> Also, when a user is removed from a group that is defined in the role
> assignment rules (as sys_admin or key_admin), then the user is still marked
> with sys_admin or key_admin privilege in range admin.
> For example, I have configured
> "ranger.usersync.group.based.role.assignment.rules" with value
> ""&ROLE_SYS_ADMIN:g:hadoop". Any users that belong to hadoop group will have
> Ranger Admin privilege.
> Later when a user is removed from hadoop group, then the privilege for this
> user should be reset to "User" which is not happening.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
