You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by ab...@apache.org on 2019/10/04 04:51:54 UTC

[ranger] branch master updated: RANGER-2603: Delegate Admin processing incorrectly giving policy access to user - due to owner policies

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 52936a5  RANGER-2603: Delegate Admin processing incorrectly giving policy access to user - due to owner policies
52936a5 is described below

commit 52936a50cfde9959825cd57d62593873941dc9b4
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Thu Oct 3 21:51:43 2019 -0700

    RANGER-2603: Delegate Admin processing incorrectly giving policy access to user - due to owner policies
---
 .../ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 3e00d1e..8469605 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -358,7 +358,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
 			LOG.debug("==> RangerDefaultPolicyEvaluator.isAccessAllowed(" + resources + ", " + user + ", " + userGroups + ", " + accessType + ")");
 		}
 
-		boolean ret = isAccessAllowed(user, userGroups, null, user, accessType) && isMatch(resources, null);
+		boolean ret = isAccessAllowed(user, userGroups, null, null, accessType) && isMatch(resources, null);
 
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("<== RangerDefaultPolicyEvaluator.isAccessAllowed(" + resources + ", " + user + ", " + userGroups + ", " + accessType + "): " + ret);
@@ -373,7 +373,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
 			LOG.debug("==> RangerDefaultPolicyEvaluator.isAccessAllowed(" + policy.getId() + ", " + user + ", " + userGroups + ", " + roles + ", " + accessType + ")");
 		}
 
-		boolean ret = isAccessAllowed(user, userGroups, roles, user, accessType) && isMatch(policy, null);
+		boolean ret = isAccessAllowed(user, userGroups, roles, null, accessType) && isMatch(policy, null);
 		
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("<== RangerDefaultPolicyEvaluator.isAccessAllowed(" + policy.getId() + ", " + user + ", " + userGroups + ", " + roles + ", " + accessType + "): " + ret);