Re: Review Request 73432: RANGER-3259 : [Ranger Audit Filter] Ranger role is allowed to delete, even if its used in audit filters

Dineshkumar Yadav Thu, 24 Jun 2021 00:18:37 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73432/
-----------------------------------------------------------


(Updated June 24, 2021, 7:18 a.m.)


Review request for ranger, Ankita Sinha, Jayendra Parab, Kishor Gollapalliwar, 
Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, 
and Vishal Suvagia.


Bugs: RANGER-3259
    https://issues.apache.org/jira/browse/RANGER-3259


Repository: ranger


Description
-------

Observed that we are able to delete ranger role, even if the role is used in 
ranger audit filters in some service plugin.
Similar observation was found for User & Group.


Diffs (updated)
-----

  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 6483bbe1d 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
50ab32f9b 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 624232644 
  security-admin/src/main/java/org/apache/ranger/db/XXServiceConfigMapDao.java 
00d1a32b7 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 3ef8ba32f 


Diff: https://reviews.apache.org/r/73432/diff/2/

Changes: https://reviews.apache.org/r/73432/diff/1-2/


Testing
-------

Testing  Done
 use case :1 
 Delete User when that user is present in ranger audit filters in some service 
plugin.
 use case :2 
 Delete Group when that group is present in ranger audit filters in some 
service plugin.
 use case :3 
 Delete Role when that role is present in ranger audit filters in some service 
plugin.


Thanks,

Dineshkumar Yadav

Re: Review Request 73432: RANGER-3259 : [Ranger Audit Filter] Ranger role is allowed to delete, even if its used in audit filters

Reply via email to