You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Abhishek (Jira)" <ji...@apache.org> on 2023/02/15 11:06:00 UTC

[jira] [Created] (RANGER-4086) An admin user without permissions on all permission modules is able to view permissions module page and assign permissions to self

Abhishek created RANGER-4086:
--------------------------------

             Summary: An admin user without permissions on all permission modules is able to view permissions module page and assign permissions to self
                 Key: RANGER-4086
                 URL: https://issues.apache.org/jira/browse/RANGER-4086
             Project: Ranger
          Issue Type: Bug
          Components: Ranger
            Reporter: Abhishek


On the Ranger UI, create a new admin user and login as the newly created user in a different browser.
Then remove the permissions for the user on any module.
In the second browser, the newly created user is still able to access the permissions module page and is able to assign permissions to self.
Ideally, if a user does not have access to all the permission modules, then the user should not be able to edit permissions.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)