[ https://issues.apache.org/jira/browse/RANGER-2531?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Madhan Neethiraj updated RANGER-2531: ------------------------------------- Issue Type: Bug (was: Improvement) > Removing a user from a group is not reflected properly in unix based sync. > -------------------------------------------------------------------------- > > Key: RANGER-2531 > URL: https://issues.apache.org/jira/browse/RANGER-2531 > Project: Ranger > Issue Type: Bug > Components: usersync > Reporter: Sailaja Polavarapu > Assignee: Sailaja Polavarapu > Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2531-Removing-a-user-from-a-group-is-not-refl.patch > > > Ranger Usersync is configured with Unix sync source. When a user is removed > from a group using "usermod" command, the changes are not propagated to > ranger admin properly. > Also, when a user is removed from a group that is defined in the role > assignment rules (as sys_admin or key_admin), then the user is still marked > with sys_admin or key_admin privilege in range admin. > For example, I have configured > "ranger.usersync.group.based.role.assignment.rules" with value > ""&ROLE_SYS_ADMIN:g:hadoop". Any users that belong to hadoop group will have > Ranger Admin privilege. > Later when a user is removed from hadoop group, then the privilege for this > user should be reset to "User" which is not happening. -- This message was sent by Atlassian Jira (v8.3.4#803005)