----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/42105/#review113903 -----------------------------------------------------------
Can you please update the JIRA with usecases for this utility? I see that the patch replaces existing references to the user being deleted with another user; there should be a better approach, like: 1) do not delete such users 2) set the references to null (or simply remove these users - if in policy) 3) set reference to a built-in user 'Unknown' (similar to 'public' group) Also, this utility should support deleting groups as well. - Madhan Neethiraj On Jan. 11, 2016, 5:13 a.m., Gautam Borad wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/42105/ > ----------------------------------------------------------- > > (Updated Jan. 11, 2016, 5:13 a.m.) > > > Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan > Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. > > > Bugs: RANGER-806 > https://issues.apache.org/jira/browse/RANGER-806 > > > Repository: ranger > > > Description > ------- > > Problem Statement: > As of now, Delete Users feature is not available in Ranger UI. > > Proposed Solution: > This JIRA provides, java utility patch that users can use to delete list of > users from Ranger database. Utility can accept an input file which should > have users need to be deleted and a replacing user, which shall be used to > change references of deleted user. if replacing user does not exist or not > provided then system shall pick one available user with role 'ROLE_SYS_ADMIN'. > > After Ranger admin is installed successfully, User should be able to execute > this command line utility by providing Driver jar file according to his > Ranger DB Flavour. > > A sample command need to be provided and documented so that user can execute > them by changing path of Ranger Admin install dir, libraries and logs > according to his environment. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java > aaa4fa5 > security-admin/src/main/java/org/apache/ranger/db/XXAuditMapDao.java > 481e486 > security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java > 4c9bdc5 > security-admin/src/main/java/org/apache/ranger/db/XXGroupUserDao.java > ffc3c32 > security-admin/src/main/java/org/apache/ranger/db/XXPermMapDao.java 23c5c48 > > security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java > 40a0da1 > security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java > 393252c > security-admin/src/main/java/org/apache/ranger/db/XXPortalUserRoleDao.java > 99d0fe2 > security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java > 2db6fd6 > > security-admin/src/main/java/org/apache/ranger/patch/cliutil/DeleteUserUtil.java > PRE-CREATION > security-admin/src/main/resources/META-INF/jpa_named_queries.xml 55c4f1c > > Diff: https://reviews.apache.org/r/42105/diff/ > > > Testing > ------- > > Steps performed (with patch) : > 1. After Ranger installation, started Ranger admin and usersync to sync unix > os users. > 2. Created one input file and added user names from the list of synced users. > 3. Executed below given command to delete users: > /usr/lib/jvm/java-1.7.0-openjdk.x86_64/bin/java > -Dlogdir=/tmp/ranger-0.5.0-admin/ews/logs > -Dlog4j.configuration=db_patch.log4j.xml -cp > /tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/conf:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/lib/*:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/:/tmp/ranger-0.5.0-admin/ews/webapp/META-INF/:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/lib/*:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/META-INF:/usr/share/java/mysql-connector-java.jar > org.apache.ranger.patch.cliutil.DeleteUserUtil -f /tmp/user.txt -ru admin > > Result/Behavior: > 1. Browsed user/group page in Ranger Admin UI and found that users name added > in user.txt are now not appearing in UI. > 2. Picked a deleted user and Checked reference of that user in various ranger > db tables, references were replaced with 'admin' user as it was given with > '-ru' switch. > > > Thanks, > > Gautam Borad > >
