Sailaja Polavarapu created RANGER-2997: ------------------------------------------
Summary: Ranger usersync role assignment issues Key: RANGER-2997 URL: https://issues.apache.org/jira/browse/RANGER-2997 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.1.0 Reporter: Sailaja Polavarapu Assignee: Sailaja Polavarapu Fix For: 3.0.0, 2.2.0 When syncing users from LDAP and AD following two scenarios fail (unix user syncing is not affected) when checking role assignments. Setup: two groups with 5 members in total: rangerdeltaGrp01: rangerdelta00,rangerdelta01,rangerdelta04 rangerdeltaGrp02: rangerdelta02,rangerdelta03,rangerdelta04 User rangerdelta04 is member of both groups. Scenario 1: - 'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02' - expected: rangerdelta04 has only KEY_ADMIN role - actual: has both KEY_ADMIN and SYS_ADMIN roles Scenario 2: - 'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02&ROLE_SYS_ADMIN:u:rangerdelta04' - expected: rangerdelta04 is SYS_ADMIN - actual: it is not -- This message was sent by Atlassian Jira (v8.3.4#803005)