This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 81275777b RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles 81275777b is described below commit 81275777bfa466806c50109d18922df5d909a876 Author: Fateh Singh <fateh...@gmail.com> AuthorDate: Fri Jul 22 09:26:12 2022 -0700 RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles Signed-off-by: pradeep <prad...@apache.org> --- security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java index 1434d11d3..6c475b484 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java @@ -909,7 +909,7 @@ public class RoleREST { effectiveUser = loggedInUser; } - if (!bizUtil.isUserRangerAdmin(effectiveUser)) { + if (!bizUtil.isUserRangerAdmin(effectiveUser) && !svcStore.isServiceAdminUser(serviceName, effectiveUser)) { throw new Exception("User " + effectiveUser + " does not have permission for this operation"); } } @@ -937,7 +937,7 @@ public class RoleREST { effectiveUser = loggedInUser; } try { - if (!bizUtil.isUserRangerAdmin(effectiveUser)) { + if (!bizUtil.isUserRangerAdmin(effectiveUser) && !svcStore.isServiceAdminUser(serviceName, effectiveUser)) { existingRole = roleStore.getRole(roleName); ensureRoleAccess(effectiveUser, userGroups, existingRole);