Pradeep Agrawal created RANGER-3360: ---------------------------------------
Summary: non delegate admin user are able to grant access even without having delegate admin priv Key: RANGER-3360 URL: https://issues.apache.org/jira/browse/RANGER-3360 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 3.0.0, 2.2.0 Reporter: Pradeep Agrawal Fix For: 2.0.1, 3.0.0 # create ranger admin policy for hrt_21 to allow all the privilege # use hrt_21 user to grant the privilege with grant option to user hrt_11 # use hrt_21 user to grant the privilege without grant option to user hrt_12 # use hrt_12 user to grant the privilege to any other user eg: hrt_13 Expected Result: hrt_12 should not be able to grant privilege to any other user as delegate admin/grant option is false for Actual Result: hrt_12 successfully able to grant privilege to other users audit shows that operation was allowed by the same policy when actor does not have delegate admin privilege -- This message was sent by Atlassian Jira (v8.3.4#803005)