[
https://issues.apache.org/jira/browse/RANGER-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nishchith Shetty updated RANGER-3517:
-
Description:
Hello,
Once a policy is created and then all the policies are cleared from Ranger
Admin, the plugin enforces the last policy that was cached instead of clearing
the policies on the client.
*Steps to reproduce*
* Create an allow policy for userA (ID-1)
* Delete the policy (_now there are 0 policies on ranger server_)
* Use the plugin
** Expected/Ideal behaviour - deny (as there's no policy)
** Current behaviour - allow (enforced policy ID-1)
_Note: For each step let the change get synced to the client via plugin_
*Logs (ranger-plugin v2.2.0)*
{code:java}
Downloaded policies do not require policy change !!
Keeping old policy-engine!
Ranger-PolicyVersion:[139], Cached-PolicyVersion:[138]
{code}
was:
Hello,
Once a policy is created and then all the policies are cleared from Ranger
Admin, the plugin enforces the last policy that was cached instead of clearing
the policies on the client.
*Steps to reproduce*
* Create an allow policy for userA (ID-1)
* Delete the policy (_now there are 0 policies on ranger server_)
* Use the plugin
** Expected/Ideal behaviour - deny (as there's no policy)
** Current behaviour - allow (enforced policy ID-1)
_Note: For each step let the change get synced to the client via plugin_
*Logs (ranger-plugin v2.2.0)*
{{}}
{code:java}
Downloaded policies do not require policy change !!
Keeping old policy-engine!
Ranger-PolicyVersion:[139], Cached-PolicyVersion:[138]
{code}
{{}}
> Incorrect Policy evaluation on clearing existing policy
> ---
>
> Key: RANGER-3517
> URL: https://issues.apache.org/jira/browse/RANGER-3517
> Project: Ranger
> Issue Type: Bug
> Components: plugins, Ranger
>Affects Versions: 2.2.0
>Reporter: Nishchith Shetty
>Priority: Critical
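A log check for the condition in this report, as an added example that is not part of the original message or of Ranger's code: it flags each "Keeping old policy-engine!" record where the server policy version differs from the cached one, which means the plugin is still enforcing an older policy set. The function name, the look-ahead window, and the second sample record (matching versions, treated as benign) are assumptions.

```python
import re

# Constructed sample: the first record is the three lines quoted in the report;
# the second is a constructed case where both versions match.
SAMPLE_LOG = """\
Downloaded policies do not require policy change !!
Keeping old policy-engine!
Ranger-PolicyVersion:[139], Cached-PolicyVersion:[138]
Downloaded policies do not require policy change !!
Keeping old policy-engine!
Ranger-PolicyVersion:[140], Cached-PolicyVersion:[140]
"""

KEEP_RE = re.compile(r"Keeping old policy-engine!")
VERSION_RE = re.compile(
    r"Ranger-PolicyVersion:\[(\d+)\],\s*Cached-PolicyVersion:\[(\d+)\]"
)
LOOKAHEAD = 3  # assumption: the version line follows within a few lines


def find_stale_engine_events(log_text):
    """Return (line_no, server_version, cached_version) for every
    'Keeping old policy-engine!' record whose two versions differ."""
    findings = []
    pending = None  # [line number of the 'Keeping old' line, lines left to wait]
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if KEEP_RE.search(line):
            pending = [line_no, LOOKAHEAD]
            continue
        if pending is None:
            continue
        match = VERSION_RE.search(line)
        if match:
            server, cached = int(match.group(1)), int(match.group(2))
            if server != cached:  # engine kept although the server moved on
                findings.append((pending[0], server, cached))
            pending = None
        else:
            pending[1] -= 1
            if pending[1] == 0:  # no version line nearby; drop the record
                pending = None
    return findings


if __name__ == "__main__":
    for line_no, server, cached in find_stale_engine_events(SAMPLE_LOG):
        print(f"line {line_no}: engine kept at version {cached}, server is at {server}")
```

Run against the plugin log after a policy deletion has synced, a non-empty result indicates the client is enforcing policies the server no longer holds.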