You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Fatima Khan <fa...@gmail.com> on 2018/03/13 13:43:22 UTC
Re: Review Request 65914: RANGER 1948 : Support for Read-only Ranger
Admin users
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/
-----------------------------------------------------------
(Updated March 13, 2018, 1:43 p.m.)
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
Summary (updated)
-----------------
RANGER 1948 : Support for Read-only Ranger Admin users
Bugs: RANGER-1948
https://issues.apache.org/jira/browse/RANGER-1948
Repository: ranger
Description
-------
This Jira is to cater to need of Auditor roles in Ranger Admin.
We can introduce Auditor Roles for both the Administrator Roles in Ranger Admin.
* Auditor (Readonly privileges from current Admin role user )
* KMS Auditor (Readonly privileges from current Keydmin role user )
Diffs (updated)
-----
security-admin/scripts/rolebasedusersearchutil.py d651461
security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7
security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60
security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ecde444
security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84
security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035
security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa
security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java e31e9d7
security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java bcf9080
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java d3a28f7
security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 229863e
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3
security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java 6951cbd
security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 4227d85
security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 87da9a0
security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 4a8d88f
unixauthservice/scripts/install.properties be8723c
Diff: https://reviews.apache.org/r/65914/diff/5/
Changes: https://reviews.apache.org/r/65914/diff/4-5/
Testing
-------
Tested scenario's:
1.Tested admin user is able to create User role user.
2.Tested admin user is able to create Auditor role user.
3.Tested admin user is not able to create kms auditor role user.
4.Tested keyadmin user is able to create kms auditor.
5.Tested auditor is able to only view policies, users, services and audits.
6.Tested kms auditor is able to only view policies, users, services, audits and keys.
7.Tested auditor is able to see permission tab but kms auditor should not see permission tab.
8.Auditor role users are not allowed to import/export policies
9.Verified syncing of users from auditor role :: if we add them in properties install.properties of usersync during initial start of usersync.Property value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= &ROLE_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:g:groupName&ROLE_ADMIN_AUDITOR:g:groupName
Thanks,
Fatima Khan
Re: Review Request 65914: RANGER 1948 : Support for Read-only Ranger
Admin users
Posted by Pradeep Agrawal <pr...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/#review199247
-----------------------------------------------------------
Ship it!
Ship It!
- Pradeep Agrawal
On March 13, 2018, 1:43 p.m., Fatima Khan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65914/
> -----------------------------------------------------------
>
> (Updated March 13, 2018, 1:43 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
>
>
> Bugs: RANGER-1948
> https://issues.apache.org/jira/browse/RANGER-1948
>
>
> Repository: ranger
>
>
> Description
> -------
>
> This Jira is to cater to need of Auditor roles in Ranger Admin.
>
> We can introduce Auditor Roles for both the Administrator Roles in Ranger Admin.
> * Auditor (Readonly privileges from current Admin role user )
> * KMS Auditor (Readonly privileges from current Keydmin role user )
>
>
> Diffs
> -----
>
> security-admin/scripts/rolebasedusersearchutil.py d651461
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7
> security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60
> security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ecde444
> security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84
> security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f
> security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035
> security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa
> security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java e31e9d7
> security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java bcf9080
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java d3a28f7
> security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 229863e
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3
> security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java 6951cbd
> security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 4227d85
> security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 87da9a0
> security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 4a8d88f
> unixauthservice/scripts/install.properties be8723c
>
>
> Diff: https://reviews.apache.org/r/65914/diff/5/
>
>
> Testing
> -------
>
> Tested scenario's:
> 1.Tested admin user is able to create User role user.
> 2.Tested admin user is able to create Auditor role user.
> 3.Tested admin user is not able to create kms auditor role user.
> 4.Tested keyadmin user is able to create kms auditor.
> 5.Tested auditor is able to only view policies, users, services and audits.
> 6.Tested kms auditor is able to only view policies, users, services, audits and keys.
> 7.Tested auditor is able to see permission tab but kms auditor should not see permission tab.
> 8.Auditor role users are not allowed to import/export policies
> 9.Verified syncing of users from auditor role :: if we add them in properties install.properties of usersync during initial start of usersync.Property value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= &ROLE_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:g:groupName&ROLE_ADMIN_AUDITOR:g:groupName
>
>
> Thanks,
>
> Fatima Khan
>
>
Re: Review Request 65914: RANGER 1948 : Support for Read-only Ranger
Admin users
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/#review199238
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On March 13, 2018, 1:43 p.m., Fatima Khan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65914/
> -----------------------------------------------------------
>
> (Updated March 13, 2018, 1:43 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu.
>
>
> Bugs: RANGER-1948
> https://issues.apache.org/jira/browse/RANGER-1948
>
>
> Repository: ranger
>
>
> Description
> -------
>
> This Jira is to cater to need of Auditor roles in Ranger Admin.
>
> We can introduce Auditor Roles for both the Administrator Roles in Ranger Admin.
> * Auditor (Readonly privileges from current Admin role user )
> * KMS Auditor (Readonly privileges from current Keydmin role user )
>
>
> Diffs
> -----
>
> security-admin/scripts/rolebasedusersearchutil.py d651461
> security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7
> security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60
> security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ecde444
> security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84
> security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f
> security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035
> security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa
> security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java e31e9d7
> security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java bcf9080
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java d3a28f7
> security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 229863e
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3
> security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java 6951cbd
> security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 4227d85
> security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 87da9a0
> security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 4a8d88f
> unixauthservice/scripts/install.properties be8723c
>
>
> Diff: https://reviews.apache.org/r/65914/diff/5/
>
>
> Testing
> -------
>
> Tested scenario's:
> 1.Tested admin user is able to create User role user.
> 2.Tested admin user is able to create Auditor role user.
> 3.Tested admin user is not able to create kms auditor role user.
> 4.Tested keyadmin user is able to create kms auditor.
> 5.Tested auditor is able to only view policies, users, services and audits.
> 6.Tested kms auditor is able to only view policies, users, services, audits and keys.
> 7.Tested auditor is able to see permission tab but kms auditor should not see permission tab.
> 8.Auditor role users are not allowed to import/export policies
> 9.Verified syncing of users from auditor role :: if we add them in properties install.properties of usersync during initial start of usersync.Property value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= &ROLE_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:g:groupName&ROLE_ADMIN_AUDITOR:g:groupName
>
>
> Thanks,
>
> Fatima Khan
>
>