> On Nov. 10, 2016, 7:11 p.m., Velmurugan Periasamy wrote: > > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java, line 1228 > > <https://reviews.apache.org/r/53441/diff/1/?file=1553767#file1553767line1228> > > > > Would be a good idea to audit this operation since it involves updating > > username.
Hi Velmurugan, I did some investigation and seems there is no existing auditing for script, for example the changepasswordutil.py, if we use that for password change there will be no auditing. But if we change password from UI,in public VXResponse changePassword(VXPasswordChange pwdChange) there is auditing by adding the action to XXTrxLog database, do you have any suggestion for auditing the scripts? Thanks. - Shi ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53441/#review155632 ----------------------------------------------------------- On Nov. 10, 2016, 4:25 a.m., Shi Wang wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/53441/ > ----------------------------------------------------------- > > (Updated Nov. 10, 2016, 4:25 a.m.) > > > Review request for ranger, Don Bosco Durai and Sailaja Polavarapu. > > > Repository: ranger > > > Description > ------- > > The solution is not specific to admin user. > We can use security-admin/scripts/changeusernameutil.py to change any user's > username, as long as we know the old user name and password. > The usage is changeusernameutil.py <loginuserid> <password> <newusername> > If the old username(loginuserid) cannot be found in database or password not > correct, or new username is the same with old username it will not proceed to > change username. > > > Diffs > ----- > > security-admin/scripts/changeusernameutil.py PRE-CREATION > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 9885090 > > security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangeUserNameUtil.java > PRE-CREATION > src/main/assembly/admin-web.xml b06cdec > > Diff: https://reviews.apache.org/r/53441/diff/ > > > Testing > ------- > > 1. changeusernameutil.py admin admin wangshi --> user name update > successfully. > 2. changeusernameutil.py admin admin wangshi (after 1) --> username not found. > 3. changeusernameutil.py wangshi admin wangshi --> newusername same with > loginuserid > 4. changeusernameutil.py wangshi wangshi admin --> password invalid. > > > Thanks, > > Shi Wang > >
