You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Sailaja Polavarapu (JIRA)" <ji...@apache.org> on 2019/08/07 17:56:00 UTC

[jira] [Created] (RANGER-2531) Removing a user from a group is not reflected properly in unix based sync.

Sailaja Polavarapu created RANGER-2531:
------------------------------------------

             Summary: Removing a user from a group is not reflected properly in unix based sync.
                 Key: RANGER-2531
                 URL: https://issues.apache.org/jira/browse/RANGER-2531
             Project: Ranger
          Issue Type: Improvement
          Components: usersync
            Reporter: Sailaja Polavarapu
            Assignee: Sailaja Polavarapu


Ranger Usersync is configured with Unix sync source. When a user is removed from a group using "usermod" command, the changes are not propagated to ranger admin properly. 
Also, when a user is removed from a group that is defined in the role assignment rules (as sys_admin or key_admin), then the user is still marked with sys_admin or key_admin privilege in range admin.
For example, I have configured "ranger.usersync.group.based.role.assignment.rules" with value ""&ROLE_SYS_ADMIN:g:hadoop". Any users that belong to hadoop group will have Ranger Admin privilege. 
Later when a user is removed from hadoop group, then the privilege for this user should be reset to "User" which is not happening.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)