Pradeep Agrawal created RANGER-3360:
---------------------------------------
Summary: non delegate admin user are able to grant access even
without having delegate admin priv
Key: RANGER-3360
URL: https://issues.apache.org/jira/browse/RANGER-3360
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: 3.0.0, 2.2.0
Reporter: Pradeep Agrawal
Fix For: 2.0.1, 3.0.0
# create ranger admin policy for hrt_21 to allow all the privilege
# use hrt_21 user to grant the privilege with grant option to user hrt_11
# use hrt_21 user to grant the privilege without grant option to user hrt_12
# use hrt_12 user to grant the privilege to any other user eg: hrt_13
Expected Result: hrt_12 should not be able to grant privilege to any other user
as delegate admin/grant option is false for
Actual Result: hrt_12 successfully able to grant privilege to other users
audit shows that operation was allowed by the same policy when actor does not
have delegate admin privilege
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
