[RANGER-980] User sync does not delete users if they do not exist anymore - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.6.0, 0.5.3
Fix Version/s: 3.0.0, 2.2.0
Component/s: usersync
Labels:
- security

Description

usersync for all sources creates users and groups, but does not delete them from Ranger's database if these users and groups do not exists anymore in the original source.

So if you have for example a user called "bob" and bob leaves the company his access rights will continue to exist in Ranger. If a new employee comes in that is also "bob" he is immediately granted the same access as the previous employee. This creates security incidents.

In a reasonable complex company it cannot be expected that another user administration is being taken care of, while deletion could and should happen automatically.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

RANGER-980.patch
05/Jul/16 11:00
6 kB
ruoyu wang
Deleted users and groups support in Ranger (RANGER-980).pdf
22/Dec/20 01:29
59 kB
Sailaja Polavarapu
0001-RANGER-980-User-sync-does-not-delete-users-if-they-d.patch
18/Jul/16 08:14
12 kB
ruoyu wang
0001-RANGER-980-Support-for-deleted-users-groups-in-Range.patch
24/Dec/20 00:52
51 kB
Sailaja Polavarapu

Issue Links

is related to

RANGER-1102 Conflict between internal and external users with same username

Open

relates to

RANGER-3232 A Potential NPE in Issue RANGER-980

Resolved

links to

review board

Activity

People

Assignee:: Sailaja Polavarapu

Reporter:: Bolke de Bruin

Votes:: 5 Vote for this issue

Watchers:: 21 Start watching this issue

Dates

Created:: 10/May/16 08:12

Updated:: 27/Apr/21 21:29

Resolved:: 18/Mar/21 20:26