You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Abdelkrim Hadjidj (JIRA)" <ji...@apache.org> on 2017/08/01 11:23:00 UTC

[jira] [Created] (RANGER-1718) Delegated admin should not be able to extend his scope with recursive

Abdelkrim Hadjidj created RANGER-1718:
-----------------------------------------

             Summary: Delegated admin should not be able to extend his scope with recursive
                 Key: RANGER-1718
                 URL: https://issues.apache.org/jira/browse/RANGER-1718
             Project: Ranger
          Issue Type: Bug
          Components: admin
    Affects Versions: 0.7.0
            Reporter: Abdelkrim Hadjidj


Delegate admin helps offloading policies management to other users. However, the delegated admin should not be able to edit the original policy to get more privileges. 

Problem with the actual solution: when a policy with 'recursive=No' is delegated to a user X, the user X is able to change 'recursive=Yes' and get privileges on lower levels of the HDFS directory. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)