[
https://issues.apache.org/jira/browse/RANGER-3404?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramesh Mani updated RANGER-3404:
--------------------------------
Fix Version/s: 3.0.0
2.2.0
> user with no permissions can access and edit deligate admin only policies
> -------------------------------------------------------------------------
>
> Key: RANGER-3404
> URL: https://issues.apache.org/jira/browse/RANGER-3404
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Abhay Kulkarni
> Assignee: Abhay Kulkarni
> Priority: Major
> Fix For: 3.0.0, 2.2.0
>
>
> From a user this was created by:
> -created new regular user in ranger with no groups or anything.
> -that user can see policies that he shouldn't (only ones with just delegate
> admin rights).
> -If a policy has a delegate admin, this user can see and edit it, but cannot
> add more permissions to the policy. Also, user can create a new policy, but
> it is only with no permissions and for delegating admin to other users -
> again with no permissions.
> -If policy has anything on top of delegate admin, then the user gets denied
> properly.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
