You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2022/01/20 03:59:44 UTC
[ranger] 02/02: RANGER-3590 : User with Auditor role in security zone can change a policy's name and description
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 09ec4d90fbd9afa643eaeca29765563a00866257
Author: Dineshkumar Yadav <di...@outlook.com>
AuthorDate: Tue Jan 18 21:31:49 2022 +0530
RANGER-3590 : User with Auditor role in security zone can change a policy's name and description
Signed-off-by: pradeep <pr...@apache.org>
---
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 098188e..3e10e78 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3551,7 +3551,9 @@ public class ServiceREST {
//for zone policy create /update / delete
if(!StringUtils.isEmpty(policy.getZoneName()) && serviceMgr.isZoneAdmin(policy.getZoneName())){
isAllowed = true;
- }else{
+ }else if(!StringUtils.isEmpty(policy.getZoneName()) && serviceMgr.isZoneAuditor(policy.getZoneName())){
+ isAllowed = false;
+ }else {
isAllowed = hasAdminAccess(policy, userName, userGroups);
}