You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by pr...@apache.org on 2022/01/20 03:59:44 UTC

[ranger] 02/02: RANGER-3590 : User with Auditor role in security zone can change a policy's name and description

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 09ec4d90fbd9afa643eaeca29765563a00866257
Author: Dineshkumar Yadav <di...@outlook.com>
AuthorDate: Tue Jan 18 21:31:49 2022 +0530

    RANGER-3590 : User with Auditor role in security zone can change a policy's name and description
    
    Signed-off-by: pradeep <pr...@apache.org>
---
 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 098188e..3e10e78 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3551,7 +3551,9 @@ public class ServiceREST {
 			//for zone policy create /update / delete
 			if(!StringUtils.isEmpty(policy.getZoneName()) && serviceMgr.isZoneAdmin(policy.getZoneName())){
 				isAllowed = true;
-			}else{
+			}else if(!StringUtils.isEmpty(policy.getZoneName()) && serviceMgr.isZoneAuditor(policy.getZoneName())){
+				isAllowed = false;
+			}else {
 				isAllowed = hasAdminAccess(policy, userName, userGroups);
 			}