Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-37

Delegated admin user should NOT be allowed to modify base policy

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.4.0
    • None
    • None

    Description

      Currently delegated admin user is allowed to change the base policy for HBase/Knox. User should be allowed to edit the policy and make access more restrictive and not broader.

      Steps to reproduce:
      1. Login into system as admin
      2. Create HBase policy with Tables=TBL1, ColumnFamilies=CF1 and assign it to "user" ( Note this user should be internal user ) with permissions as : Admin ( Selecting Admin will also highlight all other permissions )
      3. Now login as "user" ( As per policy in step 2, this user is now a "Delegated Admin" user )
      4. Click on Edit policy and add TBL2 to the list of Tables. Final set : Tables=TBL1,TBL2 ColumnFamilies=CF1
      5. Click on save

      Expected result: User should be NOT be allowed to change the Tables ( since he/she was delegated admin ONLY for TBL1/CF1)

      Actual result : The user is allowed to save the policy, which should not be case.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            vel Velmurugan Periasamy
            vel Velmurugan Periasamy
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment