Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-37

Delegated admin user should NOT be allowed to modify base policy

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.4.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently delegated admin user is allowed to change the base policy for HBase/Knox. User should be allowed to edit the policy and make access more restrictive and not broader.

      Steps to reproduce:
      1. Login into system as admin
      2. Create HBase policy with Tables=TBL1, ColumnFamilies=CF1 and assign it to "user" ( Note this user should be internal user ) with permissions as : Admin ( Selecting Admin will also highlight all other permissions )
      3. Now login as "user" ( As per policy in step 2, this user is now a "Delegated Admin" user )
      4. Click on Edit policy and add TBL2 to the list of Tables. Final set : Tables=TBL1,TBL2 ColumnFamilies=CF1
      5. Click on save

      Expected result: User should be NOT be allowed to change the Tables ( since he/she was delegated admin ONLY for TBL1/CF1)

      Actual result : The user is allowed to save the policy, which should not be case.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                vperiasamy Velmurugan Periasamy
                Reporter:
                vperiasamy Velmurugan Periasamy
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: