[
https://issues.apache.org/jira/browse/RANGER-4714?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sanket Shelar updated RANGER-4714:
----------------------------------
Affects Version/s: 3.0.0
> Issue with delegate admin and with grant option policy
> ------------------------------------------------------
>
> Key: RANGER-4714
> URL: https://issues.apache.org/jira/browse/RANGER-4714
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 3.0.0
> Reporter: suja s
> Assignee: Sanket Shelar
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> STEPS TO REPRODUCE:
> User u1 exists on ranger side and has policy configured for all access for
> table t1
> Create new user u2.
> Create a hive table and grant access to user u1
> As user u1, connect to beeline and execute command 'grant select on table t1
> to user u2 with grant option'
> Ranger grant policy is created with user u1 having select permission and
> delegate admin flag enabled(for with grant option)
> As user u1, connect to beeline and execute command 'grant update on table t1
> to user u2'
> Grant policy created earlier is updated to include update permission
> CURRENT BEHAVIOUR:
> Since policy is updated, delegate admin flag is now set for the policy item
> for both select and update permissions for user u2and user u2 is now able to
> edit the policy to grant update permissions for other users
> EXPECTED BEHAVIOUR:
> For grant without specifying 'with grant option', ranger policy should not be
> edited if delegate admin is already set on existing policyitem for other
> access, instead a new policy item should be added.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
