[jira] [Commented] (RANGER-4177) policy create/update should fail when it references non-existing user/group/role

Thu, 08 Jun 2023 23:28:05 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-4177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17730830#comment-17730830
 ] 

Pradeep Agrawal commented on RANGER-4177:
-----------------------------------------

No, The issue was not introduced in RANGER-3562 

if you look at the 
[diff|https://github.com/apache/ranger/commit/df07b0da94dced97e6022b1d0d243c8b2e358803#diff-313296276b1fe981df4dd008fc32c5d44c6930845f68a217e761ce02b5eea9f1]
 of  RANGER-3562 and refer the 
[PolicyRefUpdater.java|https://github.com/apache/ranger/commit/df07b0da94dced97e6022b1d0d243c8b2e358803#diff-313296276b1fe981df4dd008fc32c5d44c6930845f68a217e761ce02b5eea9f1]
 file previous changes , diff was like this for the user creation process 
(similar changes were there for groups as well).

!Screenshot 2023-06-09 at 11.46.22 AM.png!

 

 

This was a feature added in 
[commit|http://https//github.com/apache/ranger/commit/d6e0e9af2446d023e68df1e21221d8bf1190615d]
 of [RANGER-2660|https://reviews.apache.org/r/71616/] 

> policy create/update should fail when it references non-existing 
> user/group/role
> --------------------------------------------------------------------------------
>
>                 Key: RANGER-4177
>                 URL: https://issues.apache.org/jira/browse/RANGER-4177
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 2.3.0, 2.4.0
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>            Priority: Major
>             Fix For: 3.0.0
>
>         Attachments: RANGER-4177.patch, Screenshot 2023-06-09 at 11.46.22 
> AM.png
>
>
> During create/update of a policy, non-existing users/groups/roles referenced 
> in the policy are automatically created in Ranger. This is a regression 
> introduced in RANGER-3562; prior to this change, such policy create/update 
> attempts would fail.
> To retain backward compatibility, the change in behavior should be effective 
> only when a flag is specified during policy create/update operation i.e. by 
> default the operation should fail when the policy references non-existing 
> users/groups/roles.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to