----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/48064/#review135692 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java (line 3651) <https://reviews.apache.org/r/48064/#comment200718> update serviceConfig only if the key is already not present if(!rangerService.getConfigs().containsKey(ServiceREST.Allowed_User_List_For_Grant_Revoke) { rangerService.getConfigs().put(ServiceREST.Allowed_User_List_For_Grant_Revoke, serviceUser); } security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java (line 3653) <https://reviews.apache.org/r/48064/#comment200719> update serviceConfig only if the key is already not present if(!rangerService.getConfigs().containsKey(TagREST.Allowed_User_List_For_Tag_Download) { rangerService.getConfigs().put(TagREST.Allowed_User_List_For_Tag_Download, serviceUser); } security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java (line 3667) <https://reviews.apache.org/r/48064/#comment200723> adding a policy item to each policy during each startup does not look right. Instead, I think we should document the necessary permission for lookup user and have a policy in each service manually updated/created. - Madhan Neethiraj On May 31, 2016, 9:03 a.m., Ankita Sinha wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/48064/ > ----------------------------------------------------------- > > (Updated May 31, 2016, 9:03 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and > Velmurugan Periasamy. > > > Bugs: RANGER-1003 > https://issues.apache.org/jira/browse/RANGER-1003 > > > Repository: ranger > > > Description > ------- > > **Problem Statement** > In secure environment after upgrade the service and policies is not updated > with custom properties for Policy/Tag download and with lookup user to have > permission for Test Connection and Resource Lookup. > > **Need to implement following** > 1. After upgrade add lookup user to have permissions in all policies. > 2. After upgrade add custom property "policy.download.auth.users" and > "tag.download.auth.users" in Service config of each repo and > "policy.grantrevoke.auth.users" for HBase/Hive. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java > 63c630e > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > d2178f4 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 1028c8d > security-admin/src/main/java/org/apache/ranger/rest/TagREST.java be70cfe > > Diff: https://reviews.apache.org/r/48064/diff/ > > > Testing > ------- > > 1. Tested Ranger Admin with admin and keyadmin role user. > 2. Checked when Ranger Admin starts the service/policy created in previous > version is updated in secure cluster. > > > Thanks, > > Ankita Sinha > >
