You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Ramesh Mani (Jira)" <ji...@apache.org> on 2021/12/08 07:32:00 UTC

[jira] [Updated] (RANGER-3535) A delegate admin user should be able to add another user with all or subset of permissions they have

     [ https://issues.apache.org/jira/browse/RANGER-3535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ramesh Mani updated RANGER-3535:
--------------------------------
    Fix Version/s: 3.0.0

> A delegate admin user should be able to add another user with all or subset of permissions they have
> ----------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-3535
>                 URL: https://issues.apache.org/jira/browse/RANGER-3535
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Abhay Kulkarni
>            Assignee: Abhay Kulkarni
>            Priority: Major
>             Fix For: 3.0.0
>
>
> Steps to reproduce:
>  # Login to Ranger Admin as admin user
>  # Create normal users (steve, peter, erwin, bob) in Ranger Admin
>  # Create new policy p1 with resource /p1 & allowed users steve (read, delegate-admin) & peter (read, delegate-admin)
>  # Create new policy p2 with resource /p2 & allowed users steve (read, write, delegate-admin) & peter (read, delegate-admin)
>  # Create new policy p3 with resource /p3 & allowed users steve (write, delegate-admin) & peter (read, delegate-admin)
>  # Create new policy p4 with resource /p4 & allowed users bob (read, write) & peter (read, delegate-admin)
>  # Log out as admin user, and login again as peter
>  # Try to add user erwin (read) in p1, p2, p3 & p4
>  # delegate admin user peter should be able to add user erwin in all policies, but other than p1 rest all fails.
> Requirement:
>  # Delegate admin user should be able to add other users with permissions less or equal to his/ her.
>  # Delegate admin user should not be able to add other users with permission more than what he/ she possesses. Basically he/ she can give permissions, all or sub-set of permissions he/ she possesses.
>  # Delegate admin user should not be able to add more permissions to his own.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)