> On Jan. 6, 2024, 6:05 p.m., Madhan Neethiraj wrote: > > security-admin/db/mysql/patches/070-add-gds-perm.sql > > Lines 56 (patched) > > <https://reviews.apache.org/r/74820/diff/1/?file=2284399#file2284399line56> > > > > Is access to 'Governed Data Sharing' module necessary for built-in > > users rangerusersync and rangertagsync?
The patch contains access to built-in users rangerusersync and rangertagsync as they are also admin users. I checked the behaviour for security zone sql patches and even they had the same behaviour. If the access is not requird for these users, I can update the patch to remove the access. Thanks > On Jan. 6, 2024, 6:05 p.m., Madhan Neethiraj wrote: > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java > > Lines 306 (patched) > > <https://reviews.apache.org/r/74820/diff/1/?file=2284401#file2284401line306> > > > > Users with ROLE_ADMIN_AUDITOR role should be assigned 'Govered Data > > Sharing' module as well. I suggest removing #306 and #308. Sure. Will update the patch accordingly. Thanks - Abhishek ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74820/#review226108 ----------------------------------------------------------- On Jan. 6, 2024, 4:37 p.m., Abhishek Patil wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74820/ > ----------------------------------------------------------- > > (Updated Jan. 6, 2024, 4:37 p.m.) > > > Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, > and Ramesh Mani. > > > Bugs: RANGER-4498 > https://issues.apache.org/jira/browse/RANGER-4498 > > > Repository: ranger > > > Description > ------- > > Newly created admin users do not have access to GDS module when they are > created. > This patch addresses the issue by adding permissions on the GDS module to the > newly created ROLE_SYS_ADMIN users > > > Diffs > ----- > > security-admin/db/mysql/patches/070-add-gds-perm.sql 2d1894cae > security-admin/db/postgres/patches/070-add-gds-perm.sql 15f0243b0 > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java d961bc50c > security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java > 4d03042fc > > > Diff: https://reviews.apache.org/r/74820/diff/1/ > > > Testing > ------- > > Patch tested by building Ranger admin locally and deploying it in Docker > container. > > Scenarios tested:- > 1. Created a user of role ROLE_SYS_ADMIN, the newly created user had access > to GDS module > 2. Created users of role ROLE_ADMIN_AUDITOR and ROLE_USER, and these users > did not have access to GDS module (expected behaviour). > > > Thanks, > > Abhishek Patil > >
