----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/50118/#review142733 -----------------------------------------------------------
Ship it! Ship It! - Gautam Borad On July 19, 2016, 6:07 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/50118/ > ----------------------------------------------------------- > > (Updated July 19, 2016, 6:07 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, > and Velmurugan Periasamy. > > > Bugs: RANGER-1090 > https://issues.apache.org/jira/browse/RANGER-1090 > > > Repository: ranger > > > Description > ------- > > **Note:** This review request is part of RR-49795(RANGER-1090) > > **Problem Statement :** > Revoke command with 'revoke grant option' does not disable delegated admin > permission for users/groups in the corresponding policy. > > Currently Revoke request deletes the applicable policy item and creates two > additional policy item of 'ALLOW', 'DENY_EXCEPTIONS' type in x_policy_item > table. Reference entries are also getting created in x_policy_item_access and > x_policy_item_user_perm/x_policy_item_group_perm tables. This should not > happen in case of revoke request. > > **Proposed Solution :** > Removed the implementation which was creating additional policy items and > featured the revoke request call only for 'Allow' policy type; From > processRevokeRequest() called the required/available method to remove policy > item access list and update the existing policy. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java > d794565 > > Diff: https://reviews.apache.org/r/50118/diff/ > > > Testing > ------- > > **Case-1 :** Upgrade Case : Validated Revoke request(with patch) for resource > where policy was created using grant command in previous version of > Ranger(0.6). revoke command was not executed through previous version of > Ranger(0.6) for same resource. > **Case-2 :** Upgrade Case : Validated Revoke request(with patch) for resource > where policy was created using grant command in previous version of > Ranger(0.6). revoke command was also executed through previous version of > Ranger(0.6) for same resource. > **Case-3 :** Fresh installation case : Validated Grant/Revoke request(with > patch) for resource where policy for the resource does not exist. > > > Thanks, > > Pradeep Agrawal > >
