[RANGER-2997] Ranger usersync role assignment issues - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.1.0
Fix Version/s: 3.0.0, 2.2.0
Component/s: Ranger
Labels:
None

Description

When syncing users from LDAP and AD following two scenarios fail (unix user syncing is not affected) when checking role assignments.

Setup: two groups with 5 members in total:
rangerdeltaGrp01: rangerdelta00,rangerdelta01,rangerdelta04
rangerdeltaGrp02: rangerdelta02,rangerdelta03,rangerdelta04

User rangerdelta04 is member of both groups.

Scenario 1:

'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02'
expected: rangerdelta04 has only KEY_ADMIN role
actual: has both KEY_ADMIN and SYS_ADMIN roles

Scenario 2:

'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02&ROLE_SYS_ADMIN:u:rangerdelta04'
expected: rangerdelta04 is SYS_ADMIN
actual: it is not

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-RANGER-2997-Fixed-role-assignment-code-to-assign-onl.patch
15/Sep/20 20:41
2 kB
Sailaja Polavarapu

Activity

People

Assignee:: Sailaja Polavarapu

Reporter:: Csaba Koncz

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/Sep/20 20:05

Updated:: 15/Sep/20 20:56

Resolved:: 15/Sep/20 20:56