Review Request 42602: RANGER-204 : Not able to delete user or group if user/group has any policy defined.

Wed, 27 Jan 2016 17:08:27 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42602/
-----------------------------------------------------------

Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan 
Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.


Bugs: RANGER-204
    https://issues.apache.org/jira/browse/RANGER-204


Repository: ranger


Description
-------

Problem Statement : Delete rest api of User not deleting user completely from 
system and not able to delete user or group if user/group has any policy 
defined.

Proposed Solution:
Delete User/Group Rest will have 'forceDelete' queryParam, if 'forceDelete' is 
true then User/group and their references shall be deleted permanently from db, 
if 'forceDelete' is false and if there are any references of provided 
User/Group then User/Group visibility shall be set to 'Hidden'. If 
'forceDelete' is false and there are no references then system will try to 
permanently delete User/group from DB. 
If 'forceDelete' is not passed in request then it will be set to false. Delete 
User/Group related audit log will be logged in x_trx_log table and shall be 
available in ranger logs also.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 3784439 
  security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java aaa4fa5 
  security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java 
4c9bdc5 
  security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java 
df2796c 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 006964c 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 448a60a 
  security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java 
462b81a 
  
security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java 
41c4552 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml f3aa431 
  security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 8ace44b 

Diff: https://reviews.apache.org/r/42602/diff/


Testing
-------

Tested following REST with forceDelete value as 'true'/'false'.
1. service/xusers/users/userName/{userName}
2. service/xusers/groups/groupName/{groupName}
3. service/xusers/users/{id}
4. service/xusers/groups/{id}

Below are the observations:
400/Bad Request if Group/User does'nt exist.
204/No Content if Group/User is deleted or their status is changed to 'Hidden'
Delete/Update logs can be in Admin Audit log tab.
'Warn' logs was observed if Group/User and their references were deleted.


Thanks,

Gautam Borad

Reply via email to