Posted to commits@ranger.apache.org by pr...@apache.org on 2022/08/23 04:45:05 UTC
[ranger] branch master updated: RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new eaeaeb4ed RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles
eaeaeb4ed is described below
commit eaeaeb4ed3fbb0db1abe291e67769484aba20f9e
Author: Fateh Singh <fa...@gmail.com>
AuthorDate: Fri Jul 22 09:26:12 2022 -0700
RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles
Signed-off-by: pradeep <pr...@apache.org>
---
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index 1e74a5ffd..a2ab49a88 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -909,7 +909,7 @@ public class RoleREST {
effectiveUser = loggedInUser;
}
- if (!bizUtil.isUserRangerAdmin(effectiveUser)) {
+ if (!bizUtil.isUserRangerAdmin(effectiveUser) && !svcStore.isServiceAdminUser(serviceName, effectiveUser)) {
throw new Exception("User " + effectiveUser + " does not have permission for this operation");
}
}
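Review bot: The widened check `!svcStore.isServiceAdminUser(serviceName, effectiveUser)` ties role administration to whichever `serviceName` reaches this method, and nothing visible in the hunk shows where that value comes from or that it is validated. If it is caller-supplied, being service admin of any single service would be enough to get, create, edit and delete roles that policies of other services may also reference. The intended scope should be stated next to the condition, for example `// service admins of serviceName may manage all roles; a null or unknown serviceName must be denied`, and the null or unknown case should be confirmed to fail closed. The same condition in the second hunk (getRoleIfAccessible, going by the commit title) also lets a service admin skip `ensureRoleAccess`, so it deserves the same comment and a test with a service admin who is not a member of the role. Both method bodies start outside their hunks, so the origin of `serviceName` and `effectiveUser` is inferred here rather than seen.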
@@ -937,7 +937,7 @@ public class RoleREST {
effectiveUser = loggedInUser;
}
try {
- if (!bizUtil.isUserRangerAdmin(effectiveUser)) {
+ if (!bizUtil.isUserRangerAdmin(effectiveUser) && !svcStore.isServiceAdminUser(serviceName, effectiveUser)) {
existingRole = roleStore.getRole(roleName);
ensureRoleAccess(effectiveUser, userGroups, existingRole);