You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Sailaja Polavarapu (JIRA)" <ji...@apache.org> on 2019/08/07 17:56:00 UTC
[jira] [Created] (RANGER-2531) Removing a user from a group is not
reflected properly in unix based sync.
Sailaja Polavarapu created RANGER-2531:
------------------------------------------
Summary: Removing a user from a group is not reflected properly in unix based sync.
Key: RANGER-2531
URL: https://issues.apache.org/jira/browse/RANGER-2531
Project: Ranger
Issue Type: Improvement
Components: usersync
Reporter: Sailaja Polavarapu
Assignee: Sailaja Polavarapu
Ranger Usersync is configured with Unix sync source. When a user is removed from a group using "usermod" command, the changes are not propagated to ranger admin properly.
Also, when a user is removed from a group that is defined in the role assignment rules (as sys_admin or key_admin), then the user is still marked with sys_admin or key_admin privilege in range admin.
For example, I have configured "ranger.usersync.group.based.role.assignment.rules" with value ""&ROLE_SYS_ADMIN:g:hadoop". Any users that belong to hadoop group will have Ranger Admin privilege.
Later when a user is removed from hadoop group, then the privilege for this user should be reset to "User" which is not happening.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)