You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Mugdha Varadkar (Jira)" <ji...@apache.org> on 2023/02/15 12:47:00 UTC

[jira] [Assigned] (RANGER-4086) An admin user without permissions on all permission modules is able to view permissions module page and assign permissions to self

     [ https://issues.apache.org/jira/browse/RANGER-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mugdha Varadkar reassigned RANGER-4086:
---------------------------------------

    Assignee: Dhaval Rajpara

> An admin user without permissions on all permission modules is able to view permissions module page and assign permissions to self
> ----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4086
>                 URL: https://issues.apache.org/jira/browse/RANGER-4086
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Abhishek
>            Assignee: Dhaval Rajpara
>            Priority: Major
>
> On the Ranger UI, create a new admin user and login as the newly created user in a different browser.
> Then remove the permissions for the user on any module.
> In the second browser, the newly created user is still able to access the permissions module page and is able to assign permissions to self.
> Ideally, if a user does not have access to all the permission modules, then the user should not be able to edit permissions, 
> or if a user tries to remove permissions for an admin user, it should result in an error or a notification stating that permissions for admin users can't be removed



--
This message was sent by Atlassian Jira
(v8.20.10#820010)