You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Nikhil Purbhe (Jira)" <ji...@apache.org> on 2019/10/17 11:45:00 UTC

[jira] [Commented] (RANGER-2618) Restrict rolename change when a policy/another role with that role exist

    [ https://issues.apache.org/jira/browse/RANGER-2618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16953661#comment-16953661 ] 

Nikhil Purbhe commented on RANGER-2618:
---------------------------------------

patch committed on apache [master|https://github.com/apache/ranger/commit/c267ee7ef05078eea77770f7a4701d3189d05ca1]

> Restrict rolename change when a policy/another role with that role exist
> ------------------------------------------------------------------------
>
>                 Key: RANGER-2618
>                 URL: https://issues.apache.org/jira/browse/RANGER-2618
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>            Reporter: suja s
>            Assignee: Nikhil Purbhe
>            Priority: Major
>
> When we try to delete a role associated with a ranger policy, the operation is not allowed. Likewise, role edit for rolename change also should be restricted.
> Reason:
> Rolename edit is allowed and the ranger policy still exists with old rolename reference. Policy enforcement happens as per old policy. Rolename change is not taken into consideration during policy download.
>  similarly for role which exist in another role rolename update should be restricted



--
This message was sent by Atlassian Jira
(v8.3.4#803005)