You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Velmurugan Periasamy (JIRA)" <ji...@apache.org> on 2014/09/05 18:29:29 UTC
[jira] [Assigned] (ARGUS-37) Delegated admin user should NOT be
allowed to modify base policy
[ https://issues.apache.org/jira/browse/ARGUS-37?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Velmurugan Periasamy reassigned ARGUS-37:
-----------------------------------------
Assignee: Velmurugan Periasamy
> Delegated admin user should NOT be allowed to modify base policy
> ----------------------------------------------------------------
>
> Key: ARGUS-37
> URL: https://issues.apache.org/jira/browse/ARGUS-37
> Project: Argus
> Issue Type: Bug
> Reporter: Velmurugan Periasamy
> Assignee: Velmurugan Periasamy
>
> Currently delegated admin user is allowed to change the base policy for HBase/Knox. User should be allowed to edit the policy and make access more restrictive and not broader.
> Steps to reproduce:
> 1. Login into system as admin
> 2. Create HBase policy with Tables=TBL1, ColumnFamilies=CF1 and assign it to "user" ( Note this user should be internal user ) with permissions as : Admin ( Selecting Admin will also highlight all other permissions )
> 3. Now login as "user" ( As per policy in step 2, this user is now a "Delegated Admin" user )
> 4. Click on Edit policy and add TBL2 to the list of Tables. Final set : Tables=TBL1,TBL2 ColumnFamilies=CF1
> 5. Click on save
> Expected result: User should be NOT be allowed to change the Tables ( since he/she was delegated admin ONLY for TBL1/CF1)
> Actual result : The user is allowed to save the policy, which should not be case.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)