[
https://issues.apache.org/jira/browse/RANGER-3590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17481867#comment-17481867
]
Pradeep Agrawal commented on RANGER-3590:
-----------------------------------------
Revert commit:
https://github.com/apache/ranger/commit/e5c7ee70239be8e6a1df877deac3dded4ab7fc29
> User with Auditor role in security zone can change a policy's name and
> description
> ----------------------------------------------------------------------------------
>
> Key: RANGER-3590
> URL: https://issues.apache.org/jira/browse/RANGER-3590
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Dineshkumar Yadav
> Assignee: Dineshkumar Yadav
> Priority: Major
> Fix For: 3.0.0
>
>
> h3. Reproduction
> h3. Precondition
> # Users hrt_2 and hrt_3 have the role User in Ranger.
> # Create a security zone with name "test_security_zone" and with:
> Admin users: hrt_2
> Auditor Users: hrt_3
> Resource Services: cm_hive, and for database test_db
> # Log in as hrt_2, and create a hive policy named "test_security_zone_policy"
> with arbitrary content.
> h4. Test steps
> # Log in as hrt_3 and try to create a new hive policy
> "new_test_security_zone_policy" with arbitrary content.
> # As hrt_3, try to change the name or description of
> "test_security_zone_policy".
> # As hrt_3, try to change the resource, or permissions of
> "test_security_zone_policy" (e.g. add another database, or add a new user to
> Allow Conditions)
> h4. Expected behavior
> # Creation of new policy should be denied for hrt_3.
> # Update of already existing policy's name or description should be denied
> for hrt_3.
> # Update of resources, permissions should be denied for hrt_3.
> h4. Actual behavior
> # Creation of new policy is denied as expected.
> # Update succeeds.
> # Trying to update resources or permission results in access denied, as
> expected.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)