-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71615/
-----------------------------------------------------------
(Updated Oct. 17, 2019, 5:11 p.m.)
Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj,
Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and
Velmurugan Periasamy.
Bugs: RANGER-2618
https://issues.apache.org/jira/browse/RANGER-2618
Repository: ranger
Description
-------
When we try to delete a role associated with a ranger policy, the operation is
not allowed. Likewise, role edit for rolename change also should be restricted.
Reason:
Rolename edit is allowed and the ranger policy still exists with old rolename
reference. Policy enforcement happens as per old policy. Rolename change is not
taken into consideration during policy download.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 0854ff20e
Diff: https://reviews.apache.org/r/71615/diff/3/
Changes: https://reviews.apache.org/r/71615/diff/2-3/
Testing
-------
Tested on local vm whether rolename update is restricted if it exists in any
policy.
Thanks,
Nikhil P
