----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/48611/#review137382 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java (line 54) <https://reviews.apache.org/r/48611/#comment202522> Providing an option to apply this patch only for few users (may be a list from a file) would be helpful. - Velmurugan Periasamy On June 13, 2016, 6:08 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/48611/ > ----------------------------------------------------------- > > (Updated June 13, 2016, 6:08 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, > and Velmurugan Periasamy. > > > Bugs: RANGER-1024 > https://issues.apache.org/jira/browse/RANGER-1024 > > > Repository: ranger > > > Description > ------- > > **Problem Statement:** In Case of upgrade from 0.4 to 0.5 or 0.6, If There > are too many users then execution of PatchPersmissionModel_J10003 may take > lot of time and may hold or block the upgrade. > > **Proposed Solution:** if there are more than 500 users then during install > process patch will process only those users which have role 'Admin' or 'Key > Admin' and skip processing of users having role 'User'. Later User can > execute this java patch separately by sending argument 'ALL' to process > permissions of all users. > > > Diffs > ----- > > > security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java > 764bb5d > > Diff: https://reviews.apache.org/r/48611/diff/ > > > Testing > ------- > > ***Use Case-1 : PatchPersmissionModel_J10003 execution during installation*** > **Steps performed(with patch) :** > 1. Installed and started 0.4 version of Ranger admin and usersync. > 2. Created more than 500 users in linux machine; which were added in Ranger > admin by Ranger usersync. > 3. Stop Ranger admin and Ranger usersync. > 4. Took Ranger latest code from master; applied patch and created build. > Unzipped the generated tar file and in install.properties provided Ranger db > configuration which were used in 0.4 version of Ranger installation. > 5. Installation process executed PatchPersmissionModel_J10003 and Logged into > Ranger admin UI. > > ** Expected Behaviour :** > PatchPersmissionModel_J10003 should execute and assign permissions to 'ADMIN' > and 'KEY_ADMIN' users only. Users with Role 'USER' should not have > permissions on 'Resource Based policies' and 'Report' module. > ** Actual Behaviour :** > In Ranger UI->permission page only 'ADMIN' and 'KEY_ADMIN' users had > permission on all modules; permission assignment logs were available in > ranger_db_patch.log file. Users with Role 'USER' did not had permissions on > 'Resource Based policies' and 'Report' module. > > ***Use Case-2 : Manual execution of PatchPersmissionModel_J10003*** > **Steps performed(with patch) :** > 1. Executed below given command after Ranger installation : > /usr/lib/jvm/java-1.7.0-openjdk.x86_64/bin/java > -Dlogdir=/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/logs > -Dlog4j.configuration=db_patch.log4j.xml -cp > /tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/classes/conf:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/classes/lib/*:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/META-INF/:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/lib/*:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/classes/:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/classes/META-INF:/usr/share/java/mysql-connector-java.jar > org.apache.ranger.patch.PatchPersmissionModel_J10003 ALL > > ** Expected Behaviour :** > PatchPersmissionModel_J10003 should execute and assign permissions to all > users. 'ADMIN' and 'KEY_ADMIN' users should have permissions on all > modules;Users with Role 'USER' should have permissions on 'Resource Based > policies' and 'Report' module. > ** Actual Behaviour :** > In Ranger UI->permission page only 'ADMIN' and 'KEY_ADMIN' users had > permission on all modules; Users with Role 'USER' got permissions on > 'Resource Based policies' and 'Report' module. > permission assignment logs were available in ranger_db_patch.log file. > > > Thanks, > > Pradeep Agrawal > >
