Abhay Kulkarni created RANGER-3404:
--------------------------------------
Summary: user with no permissions can access and edit deligate
admin only policies
Key: RANGER-3404
URL: https://issues.apache.org/jira/browse/RANGER-3404
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Abhay Kulkarni
Assignee: Abhay Kulkarni
>From a user this was created by:
-created new regular user in ranger with no groups or anything.
-that user can see policies that he shouldn't (only ones with just delegate
admin rights).
-If a policy has a delegate admin, this user can see and edit it, but cannot
add more permissions to the policy. Also, user can create a new policy, but it
is only with no permissions and for delegating admin to other users - again
with no permissions.
-If policy has anything on top of delegate admin, then the user gets denied
properly.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
