You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Abhay Kulkarni (Jira)" <ji...@apache.org> on 2020/11/19 16:58:00 UTC

[jira] [Assigned] (RANGER-3082) User with delegated-admin is unable to create policy

     [ https://issues.apache.org/jira/browse/RANGER-3082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Abhay Kulkarni reassigned RANGER-3082:
--------------------------------------

    Assignee: Abhay Kulkarni

> User with delegated-admin is unable to create policy
> ----------------------------------------------------
>
>                 Key: RANGER-3082
>                 URL: https://issues.apache.org/jira/browse/RANGER-3082
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Madhan Neethiraj
>            Assignee: Abhay Kulkarni
>            Priority: Major
>
> Ranger policy model supports delegated-admin model which enables an administrator to allow non-admin users to setup policies for a subset of resources. For example, following policy would allow users in finance_admin group to setup policies for all tables and columns in database=finance.
> {noformat}
> resource:        database=finance; table=*; column=*
> group:           finance_admin
> delegated-admin: true
> {noformat}
> However, when macros like {{\{USER\}}} are used in resource names, users with delegated-admin are unable to setup policies. For example, following policy should allow user {{scott}} to setup policies for tables in a database named {{test_scott}}, but it doesn't.
> {noformat}
> resource:        database=test_{USER}; table=*; column=*
> user:            {USER}
> delegated-admin: true
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)