You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Pradeep Agrawal (JIRA)" <ji...@apache.org> on 2017/02/24 06:47:44 UTC

[jira] [Created] (RANGER-1409) User role get deleted from table when he tries to update his role to a restricted role

Pradeep Agrawal created RANGER-1409:
---------------------------------------

             Summary: User role get deleted from table when he tries to update his role to a restricted role
                 Key: RANGER-1409
                 URL: https://issues.apache.org/jira/browse/RANGER-1409
             Project: Ranger
          Issue Type: Bug
          Components: Ranger
    Affects Versions: 0.6.0, 0.5.0, 0.7.0
            Reporter: Pradeep Agrawal
            Assignee: Pradeep Agrawal


*Problem Statement :* User role get deleted from x_portal_user_role table and login does not work when he tries to update his role to a restricted role for his profile by using Post method of API /service/users/ . 
User having role 'ROLE_SYS_ADMIN' can change his role to 'ROLE_USER'
User having role 'ROLE_KEY_ADMIN' can change his role to 'ROLE_USER'
User having role 'ROLE_USER' should not able to change his role to any other role.
*Proposed solution :* User's new requested role should be validated and if requested role is invalid then server should return error message.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)