Abhay Kulkarni created RANGER-3535:
--------------------------------------
Summary: A delegate admin user should be able to add another user
with all or subset of permissions they have
Key: RANGER-3535
URL: https://issues.apache.org/jira/browse/RANGER-3535
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Abhay Kulkarni
Assignee: Abhay Kulkarni
Steps to reproduce:
# Login to Ranger Admin as admin user
# Create normal users (steve, peter, erwin, bob) in Ranger Admin
# Create new policy p1 with resource /p1 & allowed users steve (read,
delegate-admin) & peter (read, delegate-admin)
# Create new policy p2 with resource /p2 & allowed users steve (read, write,
delegate-admin) & peter (read, delegate-admin)
# Create new policy p3 with resource /p3 & allowed users steve (write,
delegate-admin) & peter (read, delegate-admin)
# Create new policy p4 with resource /p4 & allowed users bob (read, write) &
peter (read, delegate-admin)
# Log out as admin user, and login again as peter
# Try to add user erwin (read) in p1, p2, p3 & p4
# delegate admin user peter should be able to add user erwin in all policies,
but other than p1 rest all fails.
Requirement:
# Delegate admin user should be able to add other users with permissions less
or equal to his/ her.
# Delegate admin user should not be able to add other users with permission
more than what he/ she possesses. Basically he/ she can give permissions, all
or sub-set of permissions he/ she possesses.
# Delegate admin user should not be able to add more permissions to his own.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
