-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68185/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, suja s, and Velmurugan Periasamy.
Bugs: RANGER-2168
https://issues.apache.org/jira/browse/RANGER-2168
Repository: ranger
Description
-------
Patch committed from RR https://reviews.apache.org/r/68096 is having one issue.
When keyadmin user is added as service admin user in kms service then he can't
view the kms policy.
Issue was not there in First patch of RR 68096 but got introduced in second
patch.
Note : If User role user is a Service Admin user in KMS Service then he can't
view the KMS service dashboard but can create/update/delete/view KMS policy
from curl.
If Keyadmin role user is a Service Admin user in NON KMS Service then he can't
do any operation in the policies of that service.
If Admin role user is a Service Admin user in KMS Service then he can do any
operation in the policies of that service from curl but can't view the KMS
service
Diffs
-----
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
c116ea289
Diff: https://reviews.apache.org/r/68185/diff/1/
Testing
-------
Tested following use cases:
USER ROLE | IS Service Admin User
USER | TRUE
USER | FALSE
ADMIN | TRUE
ADMIN | FALSE
KEYADMIN | TRUE
KEYADMIN | FALSE
Service Admin User ROLE | Service Type
USER | NON KMS
USER | KMS
ADMIN | NON KMS
ADMIN | KMS
KEYADMIN | NON KMS
KEYADMIN | KMS
Thanks,
Pradeep Agrawal
