[
https://issues.apache.org/jira/browse/RANGER-788?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Abhay Kulkarni reassigned RANGER-788:
-------------------------------------
Assignee: Abhay Kulkarni (was: Gautam Borad)
> Ranger Admin should set delegateAdmin=false for tag-based policies
> ------------------------------------------------------------------
>
> Key: RANGER-788
> URL: https://issues.apache.org/jira/browse/RANGER-788
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 0.6.0
> Reporter: Madhan Neethiraj
> Assignee: Abhay Kulkarni
>
> Ranger Admin UI does not show 'Delegate Admin' field for tag-based policies,
> - as only users with administrator privileges are expected to manage
> tag-based policies. However, when the policy is sent to the server to
> save/update, delegateAdmin is set to "true" for all the policyItems in
> tag-based policy. This can cause non-admin users, who are granted any access
> in the tag-based policy, to be able to edit the policy.
> To prevent this, Ranger Admin UI should *initialize* 'delegateAdmin=false'
> for tag-based policies. Please note that, keeping in mind that delegateAdmin
> can be supported for tag-based policies in future, UI must set to "false"
> only while initializing new policyItems; there should not be any change
> existing policies retrieved from the server.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
