Re: Review Request 73306: RANGER-3062 : Even after removing ‘Security Zone’ permission for an user, UI still shows ‘Security Zone’ tab.

Tue, 27 Apr 2021 06:11:19 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73306/
-----------------------------------------------------------

(Updated April 27, 2021, 1:11 p.m.)


Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, 
Jayendra Parab, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul 
Parikh, Pradeep Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-3062
    https://issues.apache.org/jira/browse/RANGER-3062


Repository: ranger


Description
-------

*_Steps to Reproduce_*
 1) A newly created user : *_user1_*, by default gets access to security zone 
page.
 2) From a admin role user, remove access to Security Zone permission for 
*_user1_*. 
 3) Login with that *_user1_*

Current behaviour : Security Zone details Page is visible for *_user1_*.
 Actual behaviour : *_user1_* should not be allowed to view Security Zone 
details page.


Diffs
-----

  security-admin/src/main/webapp/scripts/utils/XAGlobals.js 5132e8f33 
  security-admin/src/main/webapp/scripts/views/common/ErrorView.js f0a60adfd 
  security-admin/src/main/webapp/templates/common/TopNav_tmpl.html 4b22f6c6c 


Diff: https://reviews.apache.org/r/73306/diff/1/


Testing (updated)
-------

1.Created a user with "User" role and verify whether security zone permission 
bydefault assign to user.
2.Created a user with "User" role and verify "security Zone" tab is visible by 
login from that specific user.
3.Removed a User from Security zone permissions and verify "Security Zone" tab 
is visible or not for that specific user.
4.Created a user using CURL Commands and removed a Security zone permissions 
and verify ""Security Zone"" tab is 
visible or not for that specific user."
5.Created a User using CURL Command and verify "User source" is display as a 
"External User".
6.Created a zones from admin user and verified the zones should be visible by 
login from that specific user.
7.Removed a user from security zone from the admin user ,refreshed the other 
logged in user session and verified 
"401"message getting displayed."
8.Verified direct access URL scenarios when user removed from security zone 
permission.
9.Verify zone is visible for that user which are created from admin usr.
10.Removed the security zones from admin user and verified whether the zone is 
not visible for that user as well.
11.Verify When there is no zone is present then Security Zone drop down on 
listing page would be disabled.
12.Verify admin user is able to create a User with admin role and auditor role 
and checked respective pages getting display
ed accordingly,"


Thanks,

Nitin Galave

Reply via email to