You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Abhay Kulkarni (Jira)" <ji...@apache.org> on 2020/11/19 16:58:00 UTC
[jira] [Assigned] (RANGER-3082) User with delegated-admin is unable
to create policy
[ https://issues.apache.org/jira/browse/RANGER-3082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Abhay Kulkarni reassigned RANGER-3082:
--------------------------------------
Assignee: Abhay Kulkarni
> User with delegated-admin is unable to create policy
> ----------------------------------------------------
>
> Key: RANGER-3082
> URL: https://issues.apache.org/jira/browse/RANGER-3082
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Madhan Neethiraj
> Assignee: Abhay Kulkarni
> Priority: Major
>
> Ranger policy model supports delegated-admin model which enables an administrator to allow non-admin users to setup policies for a subset of resources. For example, following policy would allow users in finance_admin group to setup policies for all tables and columns in database=finance.
> {noformat}
> resource: database=finance; table=*; column=*
> group: finance_admin
> delegated-admin: true
> {noformat}
> However, when macros like {{\{USER\}}} are used in resource names, users with delegated-admin are unable to setup policies. For example, following policy should allow user {{scott}} to setup policies for tables in a database named {{test_scott}}, but it doesn't.
> {noformat}
> resource: database=test_{USER}; table=*; column=*
> user: {USER}
> delegated-admin: true
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)