-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68185/
-----------------------------------------------------------
(Updated Aug. 3, 2018, 11:12 a.m.)
Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, suja s, and Velmurugan Periasamy.
Changes
-------
updated descriptions.
Bugs: RANGER-2168
https://issues.apache.org/jira/browse/RANGER-2168
Repository: ranger
Description (updated)
-------
Patch committed from RR https://reviews.apache.org/r/68096 is having one issue.
When keyadmin user is added as service admin user in kms service then he can't
view the kms policy.
Issue was not there in First patch of RR 68096 but got introduced in second
patch.
**Note:**
1) If there are too many policies then please update following options value in
ranger-admin-services.sh :
-XX:MaxPermSize
-Xmx
-Xms
Diffs
-----
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
c116ea289
Diff: https://reviews.apache.org/r/68185/diff/1/
Testing (updated)
-------
Tested following use cases:
USER ROLE | IS Service Admin User
USER | TRUE
USER | FALSE
ADMIN | TRUE
ADMIN | FALSE
KEYADMIN | TRUE
KEYADMIN | FALSE
Service Admin User ROLE | Service Type
USER | NON KMS
USER | KMS
ADMIN | NON KMS
ADMIN | KMS
KEYADMIN | NON KMS
KEYADMIN | KMS
**Observations:**
1) If Admin role user is a Service Admin user in KMS Service then he can't do
any operations in the policies of that service.
2) If Keyadmin role user is a Service Admin user in a NON KMS Service then he
can't do any operations in the policies of that service.
3) If User role user is a Service Admin user in KMS Service then he can't view
the KMS service dashboard.
Thanks,
Pradeep Agrawal
