You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Yijun Wang (Jira)" <ji...@apache.org> on 2020/02/14 16:37:00 UTC
[jira] [Comment Edited] (RANGER-2601) Rangerusersync does not
remove users from groups
[ https://issues.apache.org/jira/browse/RANGER-2601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036504#comment-17036504 ]
Yijun Wang edited comment on RANGER-2601 at 2/14/20 4:36 PM:
-------------------------------------------------------------
We are using Ranger 2.0.0 as well. Here's a use case based on what we observed:
We assign ROLE_ADMIN_AUDITOR to group1, where user1 was part of it. And user1 just got removed from group1 in ldap.
After a ldapsync, user1 is removed from group1 in Ranger. However, it remains in the ROLE_ADMIN_AUDITOR.
For security reason, I think if user1 doesn't belong to any other group, we should delete this user. If it belongs to another group, we should remove user1's role ROLE_ADMIN_AUDITOR which was assigned with group1, and assign the role that is associated with the other group.
was (Author: yzw0060):
We are using Ranger 2.0.0 as well. Here's a user case based on what we observed:
We assign ROLE_ADMIN_AUDITOR to group1, where user1 was part of it. And user1 just got removed from group1 in ldap.
After a ldapsync, user1 is removed from group1 in Ranger. However, it maintains ROLE_ADMIN_AUDITOR.
For security reason, I think we should removed user1's role ROLE_ADMIN_AUDITOR which assigned with group1. If user1 doesn't belong to any other group, we should delete this user.
> Rangerusersync does not remove users from groups
> ------------------------------------------------
>
> Key: RANGER-2601
> URL: https://issues.apache.org/jira/browse/RANGER-2601
> Project: Ranger
> Issue Type: Bug
> Components: usersync
> Affects Versions: 2.0.0
> Reporter: t oo
> Priority: Major
>
> Usersync from ldap. Remove a user from a group in ldap. After next usersync the user is still in the group
--
This message was sent by Atlassian Jira
(v8.3.4#803005)