You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Velmurugan Periasamy (JIRA)" <ji...@apache.org> on 2014/09/05 00:03:24 UTC

[jira] [Created] (ARGUS-37) Delegated admin user should NOT be allowed to modify base policy

Velmurugan Periasamy created ARGUS-37:
-----------------------------------------

             Summary: Delegated admin user should NOT be allowed to modify base policy
                 Key: ARGUS-37
                 URL: https://issues.apache.org/jira/browse/ARGUS-37
             Project: Argus
          Issue Type: Bug
            Reporter: Velmurugan Periasamy


Currently delegated admin user is allowed to change the base policy for HBase/Knox. User should be allowed to edit the policy and make access more restrictive and not broader.

Steps to reproduce:
1. Login into system as admin
2. Create HBase policy with Tables=TBL1, ColumnFamilies=CF1  and assign it to "user" ( Note this user should be internal user ) with permissions as : Admin  ( Selecting Admin will also highlight all other permissions )
3. Now login as "user"  ( As per policy in step 2, this user is now a "Delegated Admin" user ) 
4. Click on Edit policy and add TBL2 to the list of Tables. Final set : Tables=TBL1,TBL2 ColumnFamilies=CF1
5. Click on save

Expected result: User should be NOT be allowed to change the Tables ( since he/she was delegated admin ONLY for TBL1/CF1)

Actual result : The user is allowed to save the policy, which should not be case.






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)