Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-2531

Removing a user from a group is not reflected properly in unix based sync.

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.1.0
    • Component/s: usersync
    • Labels:
      None

      Description

      Ranger Usersync is configured with Unix sync source. When a user is removed from a group using "usermod" command, the changes are not propagated to ranger admin properly. 
      Also, when a user is removed from a group that is defined in the role assignment rules (as sys_admin or key_admin), then the user is still marked with sys_admin or key_admin privilege in range admin.
      For example, I have configured "ranger.usersync.group.based.role.assignment.rules" with value ""&ROLE_SYS_ADMIN:g:hadoop". Any users that belong to hadoop group will have Ranger Admin privilege. 
      Later when a user is removed from hadoop group, then the privilege for this user should be reset to "User" which is not happening.

        Attachments

          Activity

            People

            • Assignee:
              spolavarapu Sailaja Polavarapu
              Reporter:
              spolavarapu Sailaja Polavarapu
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: