-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73466/
-----------------------------------------------------------
(Updated July 20, 2021, 1:58 p.m.)
Review request for ranger, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani,
Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-3343
https://issues.apache.org/jira/browse/RANGER-3343
Repository: ranger
Description (updated)
-------
There are two external users : ranger_user(user role) and ranger_admin (admin
role).
ranger_user is granted a delegated-admin privilege on some resource.
Log in to Ranger admin GUI from as ranger_admin and change the policy (first
policy item) for the resource.
Wait for policy sync. policy cache json is correct and it has both policy item
entries.
Log in to Ranger admin GUI as ranger_user user and change the policy to add
another policy item (second policy-item) with the delegated-admin box unchecked.
Wait for policy sync. policy cache json is incorrect and it has only first
policy item entry.
The fix ensures that the policy cache is not modified during creation of
delegated-admin processing policy engine.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java
99ae598a0
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
03e37fe3d
Diff: https://reviews.apache.org/r/73466/diff/1/
Testing
-------
Tested the scenario and ensured that the Policy-cache is not modified, and the
downloaded policies are same as the database copy.
Thanks,
Abhay Kulkarni
