This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 09ec4d90fbd9afa643eaeca29765563a00866257
Author: Dineshkumar Yadav <dineshkumar.ya...@outlook.com>
AuthorDate: Tue Jan 18 21:31:49 2022 +0530
RANGER-3590 : User with Auditor role in security zone can change a policy's name and description
Signed-off-by: pradeep <prad...@apache.org>
---
 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 098188e..3e10e78 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3551,7 +3551,9 @@ public class ServiceREST {
 //for zone policy create /update / delete
 if(!StringUtils.isEmpty(policy.getZoneName()) && serviceMgr.isZoneAdmin(policy.getZoneName())){
 isAllowed = true;
- }else{
+ }else if(!StringUtils.isEmpty(policy.getZoneName()) && serviceMgr.isZoneAuditor(policy.getZoneName())){
+ isAllowed = false;
+ }else {
 isAllowed = hasAdminAccess(policy, userName, userGroups);
 }
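Review bot: The new `else if` keys the deny on `policy.getZoneName()`, and the enclosing method starts outside this hunk, so it is not visible whether `policy` is the stored policy or the object bound from the request body. If it is the latter, a request whose zone name is blank skips both zone branches and is judged by `hasAdminAccess(policy, userName, userGroups)` alone, so the zone used here should be taken from the persisted policy. The deny is also added at this one call site only; presumably `hasAdminAccess` is what let a zone auditor through before, so its other callers may need the same guard. A comment such as `// zone auditors are read-only: deny here rather than falling through to hasAdminAccess()` would record why the branch exists. The diffstat shows no test with the change, so a regression test asserting that an auditor-only user is refused create, update and delete on a zone policy would be worth adding.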