You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Pradeep Agrawal <pr...@gmail.com> on 2023/03/09 09:27:06 UTC
Review Request 74343: RANGER-4127: Unable to delete the user if policy is created by same user and added in the policy item
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74343/
-----------------------------------------------------------
Review request for ranger, Abhishek Kumar, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-4127
https://issues.apache.org/jira/browse/RANGER-4127
Repository: ranger
Description
-------
**Problem Statement:**
Currently RangerPolicy object are being fetched from DB bit early and kept in memory. After that the References of user are deleted from other tables. Later The same RangerPolicy object which has few references of the same user is being used to update the policy. Since the user's references are removed it fails with ForeignKeyConstraintViolation Error.
Steps to reproduce:
Login from user having "admin" role access and create a user(for example testuser1). The new user should have "admin" role.
Login from that user(testuser1) and go to create policy page of any ranger service. Add the same user in policy item. Save the policy. Logout from the current user(testuser1).
Login from some other user who have "admin" role and try to delete the user "testuser1".
output: "Error! Error occurred during deleting Users: testuser1"
**Proposed solution:**
Load the Ranger Policies of the user after removing the references of x_portal_user table from child table.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 49a74cd1e
Diff: https://reviews.apache.org/r/74343/diff/1/
Testing
-------
Login from user having "admin" role access and created a user "testuser2" with "admin" role. Logout from "admin" user.
Login from "testuser2" and created a HDFS policy with "testuser2" in the policy item. Logout from "testuser2" user.
Login from "admin" user and delete the user "testuser2".
Actual result: "testuser2" was deleted and removed from HDFS policy.
Thanks,
Pradeep Agrawal
Re: Review Request 74343: RANGER-4127: Unable to delete the user if policy is created by same user and added in the policy item
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74343/#review225265
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On March 9, 2023, 9:27 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74343/
> -----------------------------------------------------------
>
> (Updated March 9, 2023, 9:27 a.m.)
>
>
> Review request for ranger, Abhishek Kumar, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-4127
> https://issues.apache.org/jira/browse/RANGER-4127
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement:**
> Currently RangerPolicy object are being fetched from DB bit early and kept in memory. After that the References of user are deleted from other tables. Later The same RangerPolicy object which has few references of the same user is being used to update the policy. Since the user's references are removed it fails with ForeignKeyConstraintViolation Error.
>
> Steps to reproduce:
> Login from user having "admin" role access and create a user(for example testuser1). The new user should have "admin" role.
> Login from that user(testuser1) and go to create policy page of any ranger service. Add the same user in policy item. Save the policy. Logout from the current user(testuser1).
> Login from some other user who have "admin" role and try to delete the user "testuser1".
>
> output: "Error! Error occurred during deleting Users: testuser1"
>
> **Proposed solution:**
>
> Load the Ranger Policies of the user after removing the references of x_portal_user table from child table.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 49a74cd1e
>
>
> Diff: https://reviews.apache.org/r/74343/diff/1/
>
>
> Testing
> -------
>
> Login from user having "admin" role access and created a user "testuser2" with "admin" role. Logout from "admin" user.
> Login from "testuser2" and created a HDFS policy with "testuser2" in the policy item. Logout from "testuser2" user.
> Login from "admin" user and delete the user "testuser2".
>
> Actual result: "testuser2" was deleted and removed from HDFS policy.
>
>
> Thanks,
>
> Pradeep Agrawal
>
>