[
https://issues.apache.org/jira/browse/RANGER-1102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15382587#comment-15382587
]
Yujie Li commented on RANGER-1102:
----------------------------------
Hi [~bosco], my concern is that internal users can also be created from the web
interface, we will have more than just those admin users.
For example, what if I create an internal user called Bob and then external
source also has a Bob user? In my opinion, Ranger should prevent syncing those
external users after detecting the existence of same internal ones. I guess
during every synchronization, we can compare all external users to our internal
ones and skip those conflicting users and generate warnings for that.
But also, that would affect those users within the Hadoop ecosystem.
> Conflict between internal and external users with same username
> ---------------------------------------------------------------
>
> Key: RANGER-1102
> URL: https://issues.apache.org/jira/browse/RANGER-1102
> Project: Ranger
> Issue Type: Bug
> Components: usersync
> Affects Versions: 0.5.2, 0.6.0
> Reporter: Yujie Li
>
> When Ranger syncs user data from external source, if external users share the
> same username with existing internal users, those internal users will be
> updated with external users' group information.
> For example, we have an internal user "admin" in "admin" group. If we sync
> from UNIX and there is also a user named "admin" in group "test", eventually
> the internal "admin" will still be internal but its group will be updated to
> "test". There won't be another external "admin" user.
> This should not be allowed as they should be separated as two different users.
> But on the other hand, if we create an internal user from the web UI while we
> already have an external user with that username, there will be an warning
> saying "user already exists" and the action will abort. This will not cause
> any issues.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
