[RANGER-3404] user with no permissions can access and edit deligate admin only policies - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.0, 2.2.0
Component/s: Ranger
Labels:
None

Description

From a user this was created by:
-created new regular user in ranger with no groups or anything.
-that user can see policies that he shouldn't (only ones with just delegate admin rights).
-If a policy has a delegate admin, this user can see and edit it, but cannot add more permissions to the policy. Also, user can create a new policy, but it is only with no permissions and for delegating admin to other users - again with no permissions.
-If policy has anything on top of delegate admin, then the user gets denied properly.

Attachments

Activity

People

Assignee:: Abhay Kulkarni

Reporter:: Abhay Kulkarni

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 09/Sep/21 20:59

Updated:: 08/Dec/21 07:45

Resolved:: 18/Sep/21 05:58