-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48611/
-----------------------------------------------------------
(Updated June 15, 2016, 3:13 a.m.)
Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj,
and Velmurugan Periasamy.
Changes
-------
Address review comments and tested by providing filepath as input parameter
while file contains loginId of users.
Bugs: RANGER-1024
https://issues.apache.org/jira/browse/RANGER-1024
Repository: ranger
Description
-------
**Problem Statement:** In Case of upgrade from 0.4 to 0.5 or 0.6, If There are
too many users then execution of PatchPersmissionModel_J10003 may take lot of
time and may hold or block the upgrade.
**Proposed Solution:** if there are more than 500 users then during install
process patch will process only those users which have role 'Admin' or 'Key
Admin' and skip processing of users having role 'User'. Later User can execute
this java patch separately by sending argument 'ALL' to process permissions of
all users.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
764bb5d
Diff: https://reviews.apache.org/r/48611/diff/
Testing
-------
***Use Case-1 : PatchPersmissionModel_J10003 execution during installation***
**Steps performed(with patch) :**
1. Installed and started 0.4 version of Ranger admin and usersync.
2. Created more than 500 users in linux machine; which were added in Ranger
admin by Ranger usersync.
3. Stop Ranger admin and Ranger usersync.
4. Took Ranger latest code from master; applied patch and created build.
Unzipped the generated tar file and in install.properties provided Ranger db
configuration which were used in 0.4 version of Ranger installation.
5. Installation process executed PatchPersmissionModel_J10003 and Logged into
Ranger admin UI.
** Expected Behaviour :**
PatchPersmissionModel_J10003 should execute and assign permissions to 'ADMIN'
and 'KEY_ADMIN' users only. Users with Role 'USER' should not have permissions
on 'Resource Based policies' and 'Report' module.
** Actual Behaviour :**
In Ranger UI->permission page only 'ADMIN' and 'KEY_ADMIN' users had permission
on all modules; permission assignment logs were available in
ranger_db_patch.log file. Users with Role 'USER' did not had permissions on
'Resource Based policies' and 'Report' module.
***Use Case-2 : Manual execution of PatchPersmissionModel_J10003***
**Steps performed(with patch) :**
1. Executed below given command after Ranger installation :
/usr/lib/jvm/java-1.7.0-openjdk.x86_64/bin/java
-Dlogdir=/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/logs
-Dlog4j.configuration=db_patch.log4j.xml -cp
/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/classes/conf:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/classes/lib/*:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/META-INF/:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/lib/*:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/classes/:/tmp/ranger-0.6.0-SNAPSHOT-admin/ews/webapp/WEB-INF/classes/META-INF:/usr/share/java/mysql-connector-java.jar
org.apache.ranger.patch.PatchPersmissionModel_J10003 ALL
** Expected Behaviour :**
PatchPersmissionModel_J10003 should execute and assign permissions to all
users. 'ADMIN' and 'KEY_ADMIN' users should have permissions on all
modules;Users with Role 'USER' should have permissions on 'Resource Based
policies' and 'Report' module.
** Actual Behaviour :**
In Ranger UI->permission page only 'ADMIN' and 'KEY_ADMIN' users had permission
on all modules; Users with Role 'USER' got permissions on 'Resource Based
policies' and 'Report' module.
permission assignment logs were available in ranger_db_patch.log file.
Thanks,
Pradeep Agrawal
