Re: Review Request 60421: RANGER-1491 : Automatically map group of external users to Administrator Role

Mon, 07 Aug 2017 08:00:06 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60421/
-----------------------------------------------------------

(Updated Aug. 7, 2017, 2:59 p.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Initial plan was to provide feature of setting roles for different users for 
sync source = LDAP. Extending implementation to provide same feature for all 
External users(sync source = LDAP / AD / UNIX / File).


Bugs: RANGER-1491
    https://issues.apache.org/jira/browse/RANGER-1491


Repository: ranger


Description
-------

Currently when Ranger connect to external LDAP server than users are 
synchronised and they will get default as "User" role.

It would be a good feature to introduce a mechanism to automatically map 
certain users (e.g. they are in a specific group) to "Administrator" or 
"Keyadmin" role rather than setting as default "User" role.


Diffs (updated)
-----

  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 6f77832 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ca06805 
  security-admin/src/main/java/org/apache/ranger/service/XUserService.java 
de95138 
  security-admin/src/main/java/org/apache/ranger/view/VXUser.java ecfd1ac 
  security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 5e0ca20 
  security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 9846f67 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
 428ad30 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
 19343b2 
  ugsync/src/main/java/org/apache/ranger/unixusersync/model/XUserInfo.java 
7d636fd 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
 9ce4abf 
  unixauthservice/scripts/install.properties 00ddef5 
  unixauthservice/scripts/setup.py bbc9226 
  unixauthservice/scripts/templates/installprop2xml.properties fc69f36 
  unixauthservice/scripts/templates/ranger-ugsync-template.xml 5321dc6 


Diff: https://reviews.apache.org/r/60421/diff/4/

Changes: https://reviews.apache.org/r/60421/diff/3-4/


Testing
-------

1. Verified when ranger-admin connect to LDAP server than users are 
synchronised form there they got same role which is specified in usersync-side.
2. Verified unix authentication and usersync.


Thanks,

bhavik patel

Reply via email to