-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75408/
-----------------------------------------------------------
Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja
Polavarapu, Velmurugan Periasamy, and Vyom Tiwari.
Bugs: RANGER-4714
https://issues.apache.org/jira/browse/RANGER-4714
Repository: ranger
Description
-------
STEPS TO REPRODUCE:
User u1 exists on ranger side and has policy configured for all access for
table t1
Create new user u2.
Create a hive table and grant access to user u1
As user u1, connect to beeline and execute command 'grant select on table t1 to
user u2 with grant option'
Ranger grant policy is created with user u1 having select permission and
delegate admin flag enabled(for with grant option)
As user u1, connect to beeline and execute command 'grant update on table t1 to
user u2'
Grant policy created earlier is updated to include update permission
CURRENT BEHAVIOUR:
Since policy is updated, delegate admin flag is now set for the policy item for
both select and update permissions for user u2and user u2 is now able to edit
the policy to grant update permissions for other users
EXPECTED BEHAVIOUR:
For grant without specifying 'with grant option', ranger policy should not be
edited if delegate admin is already set on existing policyitem for other
access, instead a new policy item should be added.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
81ed00ec0
Diff: https://reviews.apache.org/r/75408/diff/1/
Testing
-------
Build Successful
Tested grant with/without grant option and it is working
Thanks,
sanket shelar
