[ https://issues.apache.org/jira/browse/RANGER-3590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pradeep Agrawal reopened RANGER-3590: ------------------------------------- > User with Auditor role in security zone can change a policy's name and > description > ---------------------------------------------------------------------------------- > > Key: RANGER-3590 > URL: https://issues.apache.org/jira/browse/RANGER-3590 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Dineshkumar Yadav > Assignee: Dineshkumar Yadav > Priority: Major > Fix For: 3.0.0 > > > h3. Reproduction > h3. Precondition > # User hrt_2, and hrt_3 have roles User in Ranger. > # Create a security zone with name "test_security_zone" and with: > Admin users: hrt_2 > Auditor Users: hrt_3 > Resource Services: cm_hive, and for database test_db > # Login as hrt_2, and create a hive policy named "test_security_zone_policy" > with arbitrary content. > h4. Test steps > # Login as hrt_3 and try to create a new hive policy > "new_test_security_zone_policy" with arbitrary content. > # As hrt_3, try to change the name or description of > "test_security_zone_policy". > # As hrt_3, try to change the resource, or permissions of > "test_security_zone_policy" (e.g. add another database, or add a new user to > Allow Conditions) > h4. Expected behavior > # Creation of new policy should be denied for hrt_3. > # Update of already existing policy's name or description should be denied > for hrt_3. > # Update of resources, permissions should be denied for hrt_3. > h4. Actual behavior > # Creation of new policy is denied as expected. > # Update succeeds. > # Trying to update resources or permission results in access denied, as > expected. -- This message was sent by Atlassian Jira (v8.20.1#820001)