-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68096/
-----------------------------------------------------------
(Updated Aug. 1, 2018, 10:11 a.m.)

Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, suja s, and Velmurugan Periasamy.

Changes
-------
Addressed Review comments and tested the mentioned use cases again.

Bugs: RANGER-2168
https://issues.apache.org/jira/browse/RANGER-2168

Repository: ranger

Description
-------
**Problem Statement:** Currently only a user with the admin role or a delegated
admin user can create the policy. We can possibly have a service admin user who
can be allowed to create policy. Such users can be configured in the service
config itself and can be removed by the admin at any time.

**Proposed Solution:**

Allow admin/keyadmin role users to add a custom service config property
'service.admin.users' through the service page.

Users provided in 'service.admin.users' can be internal or external and can
have any role.

Users provided in 'service.admin.users' should be able to
create/update/delete/view policies of that ranger service.

Diffs (updated)
-----

security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 10d8aa209
security-admin/src/main/java/org/apache/ranger/db/XXServiceConfigMapDao.java 5e94855c8
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java e4449df2e
security-admin/src/main/resources/META-INF/jpa_named_queries.xml d2a6f4b09

Diff: https://reviews.apache.org/r/68096/diff/2/

Changes: https://reviews.apache.org/r/68096/diff/1-2/

Testing
-------
**Steps Performed:**

Created an internal user 'testuser' in the Ranger admin.
Added a hive service 'hivedev' in Ranger.

**Action-1**: Logged in as 'testuser' and tried to create a policy
'testpolicy' in the 'hivedev' service.
**Expected Behaviour**: Policy creation should fail.
**Actual Behaviour**: Policy creation failed.

**Action-2.1**: Logged in as the ranger admin user and added a custom property
'service.admin.users' in the 'hivedev' service and provided the value 'testuser'
in the given text box. Saved the 'hivedev' service.
**Action-2.2**: Logged in as 'testuser' and tried to create a policy
'testpolicy' in the 'hivedev' service.
**Expected Behaviour**: Policy creation should be successful.
**Actual Behaviour**: Policy creation finished successfully.
Tested policy update and deletion, which also executed successfully.

**Action-3.1**: Logged in as the ranger admin user and removed the custom
property 'service.admin.users' from the 'hivedev' service. Saved the 'hivedev'
service.
**Action-3.2**: Logged in as 'testuser' and tried to create a policy
'testpolicy1' in the 'hivedev' service.
**Expected Behaviour**: Policy creation should fail.
**Actual Behaviour**: Policy creation failed.

Thanks,
Pradeep Agrawal