ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Velmurugan Periasamy <vperias...@hortonworks.com>
Subject Re: Review Request 68185: RANGER-2168: Add service admin user through service config
Date Fri, 03 Aug 2018 16:11:22 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68185/#review206845
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On Aug. 3, 2018, 11:12 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68185/
> -----------------------------------------------------------
> 
> (Updated Aug. 3, 2018, 11:12 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Abhay Kulkarni,
Madhan Neethiraj, Mehul Parikh, suja s, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2168
>     https://issues.apache.org/jira/browse/RANGER-2168
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Patch committed from RR https://reviews.apache.org/r/68096 is having one issue.
> When keyadmin user is added as service admin user in kms service then he can't view the
kms policy.
> Issue was not there in First patch of RR 68096 but got introduced in second patch.
> 
> 
> **Note:** 
> 1) If there are too many policies then please update following options value in ranger-admin-services.sh
:
> -XX:MaxPermSize
> -Xmx
> -Xms
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java c116ea289 
> 
> 
> Diff: https://reviews.apache.org/r/68185/diff/1/
> 
> 
> Testing
> -------
> 
> Tested following use cases:
> 
> USER ROLE | IS Service Admin User
> 
> USER | TRUE
> USER | FALSE
> ADMIN | TRUE
> ADMIN | FALSE
> KEYADMIN | TRUE
> KEYADMIN | FALSE
> 
> 
> Service Admin User ROLE | Service Type
> 
> USER | NON KMS
> USER | KMS
> ADMIN | NON KMS
> ADMIN | KMS
> KEYADMIN | NON KMS
> KEYADMIN | KMS
> 
> **Observations:**
> 1) If Admin role user is a Service Admin user in KMS Service then he can't do any operations
in the policies of that service.
> 2) If Keyadmin role user is a Service Admin user in a NON KMS Service then he can't do
any operations in the policies of that service.
> 3) If User role user is a Service Admin user in KMS Service then he can't view the KMS
service dashboard.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message