-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71800/
-----------------------------------------------------------
(Updated Nov. 22, 2019, 8:52 a.m.)
Review request for ranger, Ankita Sinha, Gautam Borad, Mehul Parikh, Nikhil P,
Pradeep Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2649
https://issues.apache.org/jira/browse/RANGER-2649
Repository: ranger
Description
-------
Preconditions :
User sync source is set to Unix (ranger.usersync.source.impl.class set to
org.apache.ranger.unixusersync.process.UnixUserGroupBuilder)
user2 is a unix user, and user2 is deleted in Ranger
Steps :
1.) Set ranger.usersync.group.based.role.assignment.rules to
ROLE_SYS_ADMIN:u:user2
2.) Restart Ranger
3.) In ranger admin page go to Settings -> Users/Groups. Look for user2, and
observe it has the role 'User'
4.) Restart Ranger again
5.) Repeat step 3. but this time observe that user2 has the role 'Admin'
Expected behaviour :
user2 should get 'Admin' role right after the first restart.
Diffs
-----
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
c113ece
Diff: https://reviews.apache.org/r/71800/diff/1/
Testing
-------
1.Successfully tested the role is getting set for username which is assigned in
ranger.usersync.group.based.role.assignment.rules in first sync itself.
2.Successfully tested the role is getting set for groupname which is assigned
in ranger.usersync.group.based.role.assignment.rules in first sync itself.
3.Tested roles are getting changed when users are already synced.
4.Successfully tested, user with admin role when removed from group then user
is getting set to USER_ROLE.
Thanks,
Dhaval Shah
