-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49684/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj,
Sailaja Polavarapu, and Velmurugan Periasamy.
Repository: ranger
Description
-------
Problem Statement:
Usersync for all sources creates users and groups, but does not delete them
from Ranger's database if these users and groups do not exist anymore in the
original source.
So if you have, for example, a user called "bob" and bob leaves the company, his
access rights will continue to exist in Ranger. If a new employee comes in that
is also "bob", he is immediately granted the same access as the previous
employee. This creates security incidents.
In a reasonably complex company it cannot be expected that another user
administration is being taken care of, while deletion could and should happen
automatically.
Proposed Solution:
1. Compare users in unix/ldap with users in ranger db.
2. Delete a user which is in ranger db but not existing in unix/ldap anymore.
3. The user that is going to be deleted is an external user.
Diffs
-----
  ugsync/src/main/java/org/apache/ranger/unixusersync/model/XPortalUserInfo.java PRE-CREATION
  ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java 0c62b35
  ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java c71bc90
  ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 9ee6d95
Diff: https://reviews.apache.org/r/49684/diff/
Testing
-------
The user deleted in unix will be deleted in ranger db,
and on the ranger UI the deleted user is not showing up.
Thanks,
ruoyu wang
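
The comparison described under Proposed Solution, as an added example that is not part of the review request or the Ranger patch: it selects external users that are present in the Ranger DB but absent from the unix/ldap snapshot. The `RangerUser` record, the method name, the sample data and the empty-snapshot guard are assumptions made for illustration (Java 16 or later).

```java
import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class StaleUserReconciler {
    // Hypothetical model of a Ranger DB user row: name plus whether usersync created it.
    record RangerUser(String name, boolean external) {}

    /**
     * Returns the names of external Ranger users missing from the source snapshot.
     * Throws on an empty snapshot (assumed guard, not stated in the review request):
     * a failed LDAP or passwd read must not be treated as "every user has left".
     */
    static Set<String> staleExternalUsers(Set<String> sourceUsers,
                                          Collection<RangerUser> rangerUsers) {
        if (sourceUsers.isEmpty()) {
            throw new IllegalStateException("empty source snapshot; refusing to compute deletions");
        }
        Set<String> stale = new TreeSet<>();
        for (RangerUser u : rangerUsers) {
            // Step 3: users created inside Ranger (internal) are never deletion candidates.
            // Steps 1 and 2: an external user absent from the source is stale.
            if (u.external() && !sourceUsers.contains(u.name())) {
                stale.add(u.name());
            }
        }
        return stale;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Set<String> source = Set.of("alice", "carol");
        List<RangerUser> db = List.of(
            new RangerUser("alice", true),   // still in the source: kept
            new RangerUser("bob", true),     // left the company: stale
            new RangerUser("admin", false)); // internal account: kept although not in the source
        System.out.println("stale external users: " + staleExternalUsers(source, db));

        try {
            staleExternalUsers(Set.of(), db); // simulated failed source read
        } catch (IllegalStateException e) {
            System.out.println("sync skipped: " + e.getMessage());
        }
    }
}
```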