[
https://issues.apache.org/jira/browse/RANGER-3360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-3360:
------------------------------------
Fix Version/s: (was: 2.0.1)
2.2.0
> non delegate admin user are able to grant access even without having delegate
> admin priv
> ----------------------------------------------------------------------------------------
>
> Key: RANGER-3360
> URL: https://issues.apache.org/jira/browse/RANGER-3360
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 3.0.0, 2.2.0
> Reporter: Pradeep Agrawal
> Priority: Major
> Fix For: 3.0.0, 2.2.0
>
>
> # create ranger admin policy for hrt_21 to allow all the privilege
> # use hrt_21 user to grant the privilege with grant option to user hrt_11
> # use hrt_21 user to grant the privilege without grant option to user hrt_12
> # use hrt_12 user to grant the privilege to any other user eg: hrt_13
> Expected Result: hrt_12 should not be able to grant privilege to any other
> user as delegate admin/grant option is false for
> Actual Result: hrt_12 successfully able to grant privilege to other users
> audit shows that operation was allowed by the same policy when actor does not
> have delegate admin privilege
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
