ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Velmurugan Periasamy <vperias...@hortonworks.com>
Subject Re: Review Request 69198: RANGER-2270: Restrict tag module access to unprivileged users
Date Tue, 30 Oct 2018 03:19:54 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69198/#review210163
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On Oct. 29, 2018, 1:21 p.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69198/
> -----------------------------------------------------------
> 
> (Updated Oct. 29, 2018, 1:21 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P,
Ramesh Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2270
>     https://issues.apache.org/jira/browse/RANGER-2270
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement** Currently, if Ranger user does not have access permission in tag
module then he can see tag service def but can't view policies in it and can't change any
information. 
> 
> **Proposed solution** I propose a change here that user should not able to view the tag
service def if he don't have permission in Tag module.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b304e3e99 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 5a1e519b2 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java c51354880 
>   security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java e20cf9f89 
> 
> 
> Diff: https://reviews.apache.org/r/69198/diff/1/
> 
> 
> Testing
> -------
> 
> **Steps performed for Ranger-admin(with patch):**
> 1. Created Build with patch and untar the build.
> 2. Opened install.properties and provided db configuration in install.properties
> 3. Called setup.sh
> 4. Started Ranger admin.
> 5. Logged in from admin user and created a user testuser1 with user role. Logout from
admin account.
> 6. Logged in from testuser1 id and try to access page http://localhost:6080/index.html#!/policymanager/tag
in another tab.
> 
> **Expected Behavior:**
> Ranger-admin should not show any tag service def as testuser1 is not having permission
in the tag based module.
> 
> 
> **Actual Behavior:**
> Ranger-admin was not showing tag service def.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message