You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Abhay Kulkarni (JIRA)" <ji...@apache.org> on 2015/12/17 19:23:46 UTC

[jira] [Assigned] (RANGER-788) Ranger Admin should set delegateAdmin=false for tag-based policies

     [ https://issues.apache.org/jira/browse/RANGER-788?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Abhay Kulkarni reassigned RANGER-788:
-------------------------------------

    Assignee: Abhay Kulkarni  (was: Gautam Borad)

> Ranger Admin should set delegateAdmin=false for tag-based policies
> ------------------------------------------------------------------
>
>                 Key: RANGER-788
>                 URL: https://issues.apache.org/jira/browse/RANGER-788
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 0.6.0
>            Reporter: Madhan Neethiraj
>            Assignee: Abhay Kulkarni
>
> Ranger Admin UI does not show 'Delegate Admin' field for tag-based policies, - as only users with administrator privileges are expected to manage tag-based policies. However, when the policy is sent to the server to save/update, delegateAdmin is set to "true" for all the policyItems in tag-based policy. This can cause non-admin users, who are granted any access in the tag-based policy, to be able to edit the policy.
> To prevent this, Ranger Admin UI should *initialize* 'delegateAdmin=false' for tag-based policies. Please note that, keeping in mind that delegateAdmin can be supported for tag-based policies in future, UI must set to "false" only while initializing new policyItems; there should not be any change existing policies retrieved from the server.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)