Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-3535

A delegate admin user should be able to add another user with all or subset of permissions they have

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0, 2.3.0
    • Ranger
    • None

    Description

      Steps to reproduce:

      1. Login to Ranger Admin as admin user
      2. Create normal users (steve, peter, erwin, bob) in Ranger Admin
      3. Create new policy p1 with resource /p1 & allowed users steve (read, delegate-admin) & peter (read, delegate-admin)
      4. Create new policy p2 with resource /p2 & allowed users steve (read, write, delegate-admin) & peter (read, delegate-admin)
      5. Create new policy p3 with resource /p3 & allowed users steve (write, delegate-admin) & peter (read, delegate-admin)
      6. Create new policy p4 with resource /p4 & allowed users bob (read, write) & peter (read, delegate-admin)
      7. Log out as admin user, and login again as peter
      8. Try to add user erwin (read) in p1, p2, p3 & p4
      9. delegate admin user peter should be able to add user erwin in all policies, but other than p1 rest all fails.

      Requirement:

      1. Delegate admin user should be able to add other users with permissions less or equal to his/ her.
      2. Delegate admin user should not be able to add other users with permission more than what he/ she possesses. Basically he/ she can give permissions, all or sub-set of permissions he/ she possesses.
      3. Delegate admin user should not be able to add more permissions to his own.

      Attachments

        Activity

          People

            abhayk Abhay Kulkarni
            abhayk Abhay Kulkarni
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: