[
https://issues.apache.org/jira/browse/RANGER-5150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17928404#comment-17928404
]
gooch commented on RANGER-5150:
-------------------------------
I tested removing this operation, and it had no impact on the plugin's
strategy, role synchronization, and permission verification.
> Why do we need to modify the policy version when modifying a role?
> ------------------------------------------------------------------
>
> Key: RANGER-5150
> URL: https://issues.apache.org/jira/browse/RANGER-5150
> Project: Ranger
> Issue Type: Improvement
> Components: admin, plugins
> Affects Versions: 3.0.0
> Reporter: gooch
> Priority: Major
>
> The problem we are currently facing is that when modifying a role, even if
> the policy has not actually been updated, it will still trigger the update of
> the policy cache in the admin. This has led to some additional performance
> overhead. Is this operation redundant? This line of code was introduced in
> RANGER - 2414, but I can't figure out the considerations behind it. Does the
> role update plugin need to re - fetch the policy, even if there are no
> changes?
> In addition, only the role update operation will update the policy version.
> Additions and deletions will not.
>
> org.apache.ranger.biz.RoleDBStore#updateRole
> {code:java}
> roleService.updatePolicyVersions(updatedRole.getId()); {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
