[ https://issues.apache.org/jira/browse/RANGER-3837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583347#comment-17583347 ]
Pradeep Agrawal commented on RANGER-3837: ----------------------------------------- master branch commit link : [https://github.com/apache/ranger/commit/eaeaeb4ed3fbb0db1abe291e67769484aba20f9e] 2.4 branch commit link: https://github.com/apache/ranger/commit/81275777bfa466806c50109d18922df5d909a876 > Allow Ranger non-admins to get, create, edit and delete roles > ------------------------------------------------------------- > > Key: RANGER-3837 > URL: https://issues.apache.org/jira/browse/RANGER-3837 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Fateh Singh > Assignee: Fateh Singh > Priority: Major > Attachments: > 0001-RANGER-3837-Changed-ensureAdminAccess-and-getRoleIfA.patch > > > For Ozone S3 Multi-Tenancy assign user CLI, we would edit a Ranger role to > add a new user. During tenant creation, we create two new Ranger roles > (tenant1-AdminRole and tenant1-UserRole). > As OM prefers using {{om}} user (in {{{}ozone.keytab{}}}) to talk to Ranger, > we wouldn't be able to create/edit/delete roles with that credential. And > there doesn't seem to be a config to allow it at this point -- This message was sent by Atlassian Jira (v8.20.10#820010)