[RANGER-2531] Removing a user from a group is not reflected properly in unix based sync. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.1.0
Component/s: usersync
Labels:
None

Description

Ranger Usersync is configured with Unix sync source. When a user is removed from a group using "usermod" command, the changes are not propagated to ranger admin properly.
Also, when a user is removed from a group that is defined in the role assignment rules (as sys_admin or key_admin), then the user is still marked with sys_admin or key_admin privilege in range admin.
For example, I have configured "ranger.usersync.group.based.role.assignment.rules" with value ""&ROLE_SYS_ADMIN:g:hadoop". Any users that belong to hadoop group will have Ranger Admin privilege.
Later when a user is removed from hadoop group, then the privilege for this user should be reset to "User" which is not happening.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-RANGER-2531-Removing-a-user-from-a-group-is-not-refl.patch
08/Aug/19 00:58
17 kB
Sailaja Polavarapu

Activity

People

Assignee:: Sailaja Polavarapu

Reporter:: Sailaja Polavarapu

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/Aug/19 17:55

Updated:: 04/Sep/20 01:26

Resolved:: 08/Aug/19 23:32