Re: Review Request 68096: RANGER-2168: Add service admin user through service config

Wed, 01 Aug 2018 08:39:26 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68096/#review206746
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On Aug. 1, 2018, 10:11 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68096/
> -----------------------------------------------------------
> 
> (Updated Aug. 1, 2018, 10:11 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, suja s, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2168
>     https://issues.apache.org/jira/browse/RANGER-2168
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement:** Currently only user with admin role or a delegated 
> admin user can create the policy. We can possibly have a service admin user 
> who can be allowed to create policy. Such users can be configured in the 
> service config itself and can be removed by admin anytime.
> 
> **Proposed Solution:** 
> Allow admin/keyadmin role users to add a custom service config property 
> 'service.admin.users' through service page. 
> Users provided in 'service.admin.users' can be internal or external and can 
> have any role.
> Users provided in 'service.admin.users' should able to 
> create/update/delete/view policies of that ranger service.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 10d8aa209 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXServiceConfigMapDao.java 
> 5e94855c8 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> e4449df2e 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml d2a6f4b09 
> 
> 
> Diff: https://reviews.apache.org/r/68096/diff/2/
> 
> 
> Testing
> -------
> 
> **Steps Performed:**
> Created an internal user testuser in the Ranger admin.
> Added a hive service 'hivedev' in Ranger.
> 
> **Action-1**: Logged in from 'testuser' and tried to create a policy 
> 'testpolicy' in 'hivedev' service.
> **Expected Behaviour**: Policy creation should fail.
> **Actual Behaviour**: Policy creation failed.
> 
> **Action-2.1**: Logged in from ranger admin user and added a custom property 
> 'service.admin.users' in 'hivedev' service and provided value 'testuser' in 
> the given text box. Saved the 'hivedev' service.
> **Action-2.2**: Logged in from 'testuser' and tried to create a policy 
> 'testpolicy' in 'hivedev' service.
> **Expected Behaviour**: Policy creation should successful.
> **Actual Behaviour**: Policy creation finished successfully.
> 
> Tested Policy updation and deletion which also executed successfully.
> 
> **Action-3.1**: Logged in from ranger admin user and removed custom property 
> 'service.admin.users' from 'hivedev' service. Saved the 'hivedev' service.
> **Action-3.2**: Logged in from 'testuser' and tried to create a policy 
> 'testpolicy1' in 'hivedev' service.
> **Expected Behaviour**: Policy creation should fail.
> **Actual Behaviour**: Policy creation failed.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Reply via email to