----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74343/#review225265 -----------------------------------------------------------
Ship it! Ship It! - Abhay Kulkarni On March 9, 2023, 9:27 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74343/ > ----------------------------------------------------------- > > (Updated March 9, 2023, 9:27 a.m.) > > > Review request for ranger, Abhishek Kumar, Dineshkumar Yadav, Kishor > Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, > Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4127 > https://issues.apache.org/jira/browse/RANGER-4127 > > > Repository: ranger > > > Description > ------- > > **Problem Statement:** > Currently RangerPolicy object are being fetched from DB bit early and kept in > memory. After that the References of user are deleted from other tables. > Later The same RangerPolicy object which has few references of the same user > is being used to update the policy. Since the user's references are removed > it fails with ForeignKeyConstraintViolation Error. > > Steps to reproduce: > Login from user having "admin" role access and create a user(for example > testuser1). The new user should have "admin" role. > Login from that user(testuser1) and go to create policy page of any ranger > service. Add the same user in policy item. Save the policy. Logout from the > current user(testuser1). > Login from some other user who have "admin" role and try to delete the user > "testuser1". > > output: "Error! Error occurred during deleting Users: testuser1" > > **Proposed solution:** > > Load the Ranger Policies of the user after removing the references of > x_portal_user table from child table. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 49a74cd1e > > > Diff: https://reviews.apache.org/r/74343/diff/1/ > > > Testing > ------- > > Login from user having "admin" role access and created a user "testuser2" > with "admin" role. Logout from "admin" user. > Login from "testuser2" and created a HDFS policy with "testuser2" in the > policy item. Logout from "testuser2" user. > Login from "admin" user and delete the user "testuser2". > > Actual result: "testuser2" was deleted and removed from HDFS policy. > > > Thanks, > > Pradeep Agrawal > >