-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72870/
-----------------------------------------------------------
Review request for ranger, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, and
Velmurugan Periasamy.
Bugs: RANGER-2997
https://issues.apache.org/jira/browse/RANGER-2997
Repository: ranger
Description
-------
Role is assigned to a user based on role assignment rules configured in ranger
usersync. role assignment rules can be defined at user level or group level.
role assignment rule at user level takes precedence. If rule is defined as
follows, and user1 belongs to both groups
'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02'
then user1 will get the role of "ROLE_KEY_ADMIN".
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 323d3d376
Diff: https://reviews.apache.org/r/72870/diff/1/
Testing
-------
1. Patched cluster and verified multiple combinations with AD/LDAP
2. Also verified role are updated properly when group memberships of the user
are updated at the sync source
Thanks,
Sailaja Polavarapu
