You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Kishor Gollapalliwar (Jira)" <ji...@apache.org> on 2021/10/29 13:41:00 UTC
[jira] [Created] (RANGER-3502) Make get zones API accessible to
authorized users
Kishor Gollapalliwar created RANGER-3502:
--------------------------------------------
Summary: Make get zones API accessible to authorized users
Key: RANGER-3502
URL: https://issues.apache.org/jira/browse/RANGER-3502
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Kishor Gollapalliwar
Assignee: Kishor Gollapalliwar
Currently get [zones|https://ranger.apache.org/apidocs/resource_SecurityZoneREST.html#resource_SecurityZoneREST_getAllZones_GET] API returns all zones even for users who are not authorized to zone modules. Restrict this API to only users who are authorized to zone module.
Steps to reproduce:
# Create a internal user name, test_user1
# Remove the permission on Security Zone module for a user
# Login as test_user1 user to Ranger Admin, user should not be able to see Security Zone tab
# Access the API using curl
{code:java}
curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H "Content-Type:application/json" "https://<RANGER_ADMIN_HOST>:6182/service/zones/zones"
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)