----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72870/#review221863 -----------------------------------------------------------
Ship it! Ship It! - Velmurugan Periasamy On Sept. 15, 2020, 8:41 p.m., Sailaja Polavarapu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72870/ > ----------------------------------------------------------- > > (Updated Sept. 15, 2020, 8:41 p.m.) > > > Review request for ranger, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, and > Velmurugan Periasamy. > > > Bugs: RANGER-2997 > https://issues.apache.org/jira/browse/RANGER-2997 > > > Repository: ranger > > > Description > ------- > > Role is assigned to a user based on role assignment rules configured in > ranger usersync. role assignment rules can be defined at user level or group > level. role assignment rule at user level takes precedence. If rule is > defined as follows, and user1 belongs to both groups > 'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02' > then user1 will get the role of "ROLE_KEY_ADMIN". > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 323d3d376 > > > Diff: https://reviews.apache.org/r/72870/diff/1/ > > > Testing > ------- > > 1. Patched cluster and verified multiple combinations with AD/LDAP > 2. Also verified role are updated properly when group memberships of the user > are updated at the sync source > > > Thanks, > > Sailaja Polavarapu > >