ranger-dev mailing list archives

From Velmurugan Periasamy <vperias...@hortonworks.com>
Subject Re: Review Request 65914: RANGER 1948 : Support for Read-only Ranger Admin users
Date Thu, 15 Mar 2018 02:26:36 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/#review199238
-----------------------------------------------------------


Ship it!

- Velmurugan Periasamy


On March 13, 2018, 1:43 p.m., Fatima Khan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65914/
> -----------------------------------------------------------
> 
> (Updated March 13, 2018, 1:43 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-1948
>     https://issues.apache.org/jira/browse/RANGER-1948
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> This Jira is to cater to the need for Auditor roles in Ranger Admin.
> 
> We can introduce Auditor roles for both the Administrator roles in Ranger Admin.
> * Auditor (read-only privileges from the current Admin role user)
> * KMS Auditor (read-only privileges from the current Keyadmin role user)
> 
> 
> Diffs
> -----
> 
>   security-admin/scripts/rolebasedusersearchutil.py d651461 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 
>   security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ecde444 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 
>   security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f 
>   security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 
>   security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 
>   security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java e31e9d7 
>   security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java bcf9080 
>   security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java d3a28f7 
>   security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 229863e 
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3 
>   security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java 6951cbd 
>   security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 4227d85 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 87da9a0 
>   security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 4a8d88f 
>   unixauthservice/scripts/install.properties be8723c 
> 
> 
> Diff: https://reviews.apache.org/r/65914/diff/5/
> 
> 
> Testing
> -------
> 
> Tested scenarios:
> 1. Tested admin user is able to create User role user.
> 2. Tested admin user is able to create Auditor role user.
> 3. Tested admin user is not able to create kms auditor role user.
> 4. Tested keyadmin user is able to create kms auditor.
> 5. Tested auditor is able to only view policies, users, services and audits.
> 6. Tested kms auditor is able to only view policies, users, services, audits and keys.
> 7. Tested auditor is able to see permission tab but kms auditor should not see permission tab.
> 8. Auditor role users are not allowed to import/export policies.
> 9. Verified syncing of users from auditor role :: if we add them in properties install.properties of usersync during initial start of usersync. Property value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= &ROLE_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:g:groupName&ROLE_ADMIN_AUDITOR:g:groupName
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

