[
https://issues.apache.org/jira/browse/RANGER-2997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Velmurugan Periasamy updated RANGER-2997:
-----------------------------------------
Reporter: Csaba Koncz (was: Sailaja Polavarapu)
> Ranger usersync role assignment issues
> --------------------------------------
>
> Key: RANGER-2997
> URL: https://issues.apache.org/jira/browse/RANGER-2997
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.1.0
> Reporter: Csaba Koncz
> Assignee: Sailaja Polavarapu
> Priority: Major
> Fix For: 3.0.0, 2.2.0
>
> Attachments:
> 0001-RANGER-2997-Fixed-role-assignment-code-to-assign-onl.patch
>
>
> When syncing users from LDAP and AD following two scenarios fail (unix user
> syncing is not affected) when checking role assignments.
> Setup: two groups with 5 members in total:
> rangerdeltaGrp01: rangerdelta00,rangerdelta01,rangerdelta04
> rangerdeltaGrp02: rangerdelta02,rangerdelta03,rangerdelta04
> User rangerdelta04 is member of both groups.
> Scenario 1:
> -
> 'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02'
> - expected: rangerdelta04 has only KEY_ADMIN role
> - actual: has both KEY_ADMIN and SYS_ADMIN roles
> Scenario 2:
> -
> 'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02&ROLE_SYS_ADMIN:u:rangerdelta04'
> - expected: rangerdelta04 is SYS_ADMIN
> - actual: it is not
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
