Re: Review Request 74820: RANGER-4498: Newly created user with admin role doesn't get permission for GDS module automatically

Sat, 06 Jan 2024 10:05:38 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74820/#review226108
-----------------------------------------------------------




security-admin/db/mysql/patches/070-add-gds-perm.sql
Lines 56 (patched)
<https://reviews.apache.org/r/74820/#comment314393>

    Is access to 'Governed Data Sharing' module necessary for built-in users 
rangerusersync and rangertagsync?



security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
Lines 306 (patched)
<https://reviews.apache.org/r/74820/#comment314394>

    Users with ROLE_ADMIN_AUDITOR role should be assigned 'Govered Data 
Sharing' module as well. I suggest removing #306 and #308.


- Madhan Neethiraj


On Jan. 6, 2024, 4:37 p.m., Abhishek Patil wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74820/
> -----------------------------------------------------------
> 
> (Updated Jan. 6, 2024, 4:37 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, 
> and Ramesh Mani.
> 
> 
> Bugs: RANGER-4498
>     https://issues.apache.org/jira/browse/RANGER-4498
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Newly created admin users do not have access to GDS module when they are 
> created.
> This patch addresses the issue by adding permissions on the GDS module to the 
> newly created ROLE_SYS_ADMIN users
> 
> 
> Diffs
> -----
> 
>   security-admin/db/mysql/patches/070-add-gds-perm.sql 2d1894cae 
>   security-admin/db/postgres/patches/070-add-gds-perm.sql 15f0243b0 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java d961bc50c 
>   security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 
> 4d03042fc 
> 
> 
> Diff: https://reviews.apache.org/r/74820/diff/1/
> 
> 
> Testing
> -------
> 
> Patch tested by building Ranger admin locally and deploying it in Docker 
> container.
> 
> Scenarios tested:-
> 1. Created a user of role ROLE_SYS_ADMIN, the newly created user had access 
> to GDS module
> 2. Created users of role ROLE_ADMIN_AUDITOR and ROLE_USER, and these users 
> did not have access to GDS module (expected behaviour).
> 
> 
> Thanks,
> 
> Abhishek Patil
> 
>

Reply via email to