Madhan Neethiraj created RANGER-788:
---------------------------------------
Summary: Ranger Admin should set delegateAdmin=false for tag-based
policies
Key: RANGER-788
URL: https://issues.apache.org/jira/browse/RANGER-788
Project: Ranger
Issue Type: Bug
Components: admin
Affects Versions: 0.6.0
Reporter: Madhan Neethiraj
Assignee: Gautam Borad
Ranger Admin UI does not show 'Delegate Admin' field for tag-based policies, -
as only users with administrator privileges are expected to manage tag-based
policies. However, when the policy is sent to the server to save/update,
delegateAdmin is set to "true" for all the policyItems in tag-based policy.
This can cause non-admin users, who are granted any access in the tag-based
policy, to be able to edit the policy.
To prevent this, Ranger Admin UI should *initialize* 'delegateAdmin=false' for
tag-based policies. Please note that, keeping in mind that delegateAdmin can be
supported for tag-based policies in future, UI must set to "false" only while
initializing new policyItems; there should not be any change existing policies
retrieved from the server.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
