> On Oct. 5, 2021, 1:23 a.m., Madhan Neethiraj wrote: > > Abhay - updates look good. Please review following methods as well: > > grantAccess(), revokeAccess().
Reviewed - Abhay ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73627/#review223565 ----------------------------------------------------------- On Oct. 5, 2021, 12:27 a.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73627/ > ----------------------------------------------------------- > > (Updated Oct. 5, 2021, 12:27 a.m.) > > > Review request for ranger, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3462 > https://issues.apache.org/jira/browse/RANGER-3462 > > > Repository: ranger > > > Description > ------- > > Steps to reproduce the issue: > > Create users in Ranger alice, bob, and charlie. Alice has admin role, bob and > charlie has user role. > Create an HDFS policy with name "test-delegate-admin" as alice. In that > policy there 2 policy items; one for bob, and the other for alice with RWX > permissions with "Delegate Admin". > Log in as bob, and edited the policy item for bob: removed Write permission. > After saving the policy bob is not able to see to policy anymore. It only > becomes visible after the Write permission is restored. > > > Fix involves: > 1. When a policy is updated, the policy-items are segregated based on users > specified in the policy-item. > 2. For admin users, updates to permissions are not checked. > 3. For the user/group/role updating the policy, only admin permission is > checked in all delegated-admin policies. > 4. For other users all requested permissions are checked against other > delegated-admin policies. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdmin.java > e2a0884a6 > > security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java > a6f0a1a2a > > security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java > 090384b7b > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > f1123d19c > > > Diff: https://reviews.apache.org/r/73627/diff/2/ > > > Testing > ------- > > Verified the fix by testing the repro scenario outlined above. > Passed all unit tests. > > > Thanks, > > Abhay Kulkarni > >
