> On Aug. 27, 2019, 12:40 a.m., Madhan Neethiraj wrote: > > ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java > > Lines 465 (patched) > > <https://reviews.apache.org/r/71370/diff/1/?file=2162901#file2162901line542> > > > > Should delGroups be removed from cumulativeGroups?
This is taken care in line 455. > On Aug. 27, 2019, 12:40 a.m., Madhan Neethiraj wrote: > > ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java > > Lines 485 (patched) > > <https://reviews.apache.org/r/71370/diff/1/?file=2162901#file2162901line572> > > > > Please review if the following case is handled: when the user was > > removed from a group, the user should be removed from corresponding role as > > well Verified this case. - Sailaja ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71370/#review217449 ----------------------------------------------------------- On Aug. 27, 2019, 5:34 p.m., Sailaja Polavarapu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71370/ > ----------------------------------------------------------- > > (Updated Aug. 27, 2019, 5:34 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-2552 > https://issues.apache.org/jira/browse/RANGER-2552 > > > Repository: ranger > > > Description > ------- > > Modified code to re-evaluate user's role/permissions based on the existing > groups as well as the modified groups. > > > Diffs > ----- > > > ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java > e5fc68ba8 > > > Diff: https://reviews.apache.org/r/71370/diff/2/ > > > Testing > ------- > > 1. Verified all the existing unit tests ran successfully. > 2. Patched a cluster and verified the user's role/permissions are properly > evaluated for every add/update/delete of group memberships > 3. Also verfied during startup the user permissions are stayed intact as well > as during periodic sync with not updates to the user. > > > Thanks, > > Sailaja Polavarapu > >