You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2019/10/04 04:51:54 UTC
[ranger] branch master updated: RANGER-2603: Delegate Admin
processing incorrectly giving policy access to user - due to owner policies
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 52936a5 RANGER-2603: Delegate Admin processing incorrectly giving policy access to user - due to owner policies
52936a5 is described below
commit 52936a50cfde9959825cd57d62593873941dc9b4
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Thu Oct 3 21:51:43 2019 -0700
RANGER-2603: Delegate Admin processing incorrectly giving policy access to user - due to owner policies
---
.../ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 3e00d1e..8469605 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -358,7 +358,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
LOG.debug("==> RangerDefaultPolicyEvaluator.isAccessAllowed(" + resources + ", " + user + ", " + userGroups + ", " + accessType + ")");
}
- boolean ret = isAccessAllowed(user, userGroups, null, user, accessType) && isMatch(resources, null);
+ boolean ret = isAccessAllowed(user, userGroups, null, null, accessType) && isMatch(resources, null);
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerDefaultPolicyEvaluator.isAccessAllowed(" + resources + ", " + user + ", " + userGroups + ", " + accessType + "): " + ret);
@@ -373,7 +373,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
LOG.debug("==> RangerDefaultPolicyEvaluator.isAccessAllowed(" + policy.getId() + ", " + user + ", " + userGroups + ", " + roles + ", " + accessType + ")");
}
- boolean ret = isAccessAllowed(user, userGroups, roles, user, accessType) && isMatch(policy, null);
+ boolean ret = isAccessAllowed(user, userGroups, roles, null, accessType) && isMatch(policy, null);
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerDefaultPolicyEvaluator.isAccessAllowed(" + policy.getId() + ", " + user + ", " + userGroups + ", " + roles + ", " + accessType + "): " + ret);