Re: Review Request 73736: A delegate admin user should be able to add another user with all or subset of permissions they haveA delegate admin user should be able to add another user with all or subset of permissions they have

Fri, 03 Dec 2021 14:38:10 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73736/#review223802
-----------------------------------------------------------


Ship it!




Ship It!

- Ramesh Mani


On Dec. 3, 2021, 6:06 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73736/
> -----------------------------------------------------------
> 
> (Updated Dec. 3, 2021, 6:06 p.m.)
> 
> 
> Review request for ranger, Kishor Gollapalliwar, Madhan Neethiraj, Ramesh 
> Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3535
>     https://issues.apache.org/jira/browse/RANGER-3535
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Steps to reproduce:
> 
> Login to Ranger Admin as admin user
> Create normal users (steve, peter, erwin, bob) in Ranger Admin
> Create new policy p1 with resource /p1 & allowed users steve (read, 
> delegate-admin) & peter (read, delegate-admin)
> Create new policy p2 with resource /p2 & allowed users steve (read, write, 
> delegate-admin) & peter (read, delegate-admin)
> Create new policy p3 with resource /p3 & allowed users steve (write, 
> delegate-admin) & peter (read, delegate-admin)
> Create new policy p4 with resource /p4 & allowed users bob (read, write) & 
> peter (read, delegate-admin)
> Log out as admin user, and login again as peter
> Try to add user erwin (read) in p1, p2, p3 & p4
> delegate admin user peter should be able to add user erwin in all policies, 
> but other than p1 rest all fails.
> Requirement:
> 
> Delegate admin user should be able to add other users with permissions less 
> or equal to his/ her.
> Delegate admin user should not be able to add other users with permission 
> more than what he/ she possesses. Basically he/ she can give permissions, all 
> or sub-set of permissions he/ she possesses.
> Delegate admin user should not be able to add more permissions to his own.
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
>  c84d0bc9f 
>   
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 
> 5311a54a2 
> 
> 
> Diff: https://reviews.apache.org/r/73736/diff/4/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Reply via email to