Sailaja Polavarapu created RANGER-2997:
------------------------------------------
Summary: Ranger usersync role assignment issues
Key: RANGER-2997
URL: https://issues.apache.org/jira/browse/RANGER-2997
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: 2.1.0
Reporter: Sailaja Polavarapu
Assignee: Sailaja Polavarapu
Fix For: 3.0.0, 2.2.0
When syncing users from LDAP and AD following two scenarios fail (unix user
syncing is not affected) when checking role assignments.
Setup: two groups with 5 members in total:
rangerdeltaGrp01: rangerdelta00,rangerdelta01,rangerdelta04
rangerdeltaGrp02: rangerdelta02,rangerdelta03,rangerdelta04
User rangerdelta04 is member of both groups.
Scenario 1:
-
'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02'
- expected: rangerdelta04 has only KEY_ADMIN role
- actual: has both KEY_ADMIN and SYS_ADMIN roles
Scenario 2:
-
'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02&ROLE_SYS_ADMIN:u:rangerdelta04'
- expected: rangerdelta04 is SYS_ADMIN
- actual: it is not
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
