You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Mugdha Varadkar (Jira)" <ji...@apache.org> on 2023/02/15 12:47:00 UTC
[jira] [Assigned] (RANGER-4086) An admin user without permissions on all permission modules is able to view permissions module page and assign permissions to self
[ https://issues.apache.org/jira/browse/RANGER-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mugdha Varadkar reassigned RANGER-4086:
---------------------------------------
Assignee: Dhaval Rajpara
> An admin user without permissions on all permission modules is able to view permissions module page and assign permissions to self
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-4086
> URL: https://issues.apache.org/jira/browse/RANGER-4086
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Abhishek
> Assignee: Dhaval Rajpara
> Priority: Major
>
> On the Ranger UI, create a new admin user and login as the newly created user in a different browser.
> Then remove the permissions for the user on any module.
> In the second browser, the newly created user is still able to access the permissions module page and is able to assign permissions to self.
> Ideally, if a user does not have access to all the permission modules, then the user should not be able to edit permissions,
> or if a user tries to remove permissions for an admin user, it should result in an error or a notification stating that permissions for admin users can't be removed
--
This message was sent by Atlassian Jira
(v8.20.10#820010)