This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new 81275777b RANGER-3837: Changed ensureAdminAccess and
getRoleIfAccessible so that both admins and service admins can now
get,create,edit,delete roles
81275777b is described below
commit 81275777bfa466806c50109d18922df5d909a876
Author: Fateh Singh <fateh...@gmail.com>
AuthorDate: Fri Jul 22 09:26:12 2022 -0700
RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both
admins and service admins can now get,create,edit,delete roles
Signed-off-by: pradeep <prad...@apache.org>
---
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index 1434d11d3..6c475b484 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -909,7 +909,7 @@ public class RoleREST {
effectiveUser = loggedInUser;
}
- if (!bizUtil.isUserRangerAdmin(effectiveUser)) {
+ if (!bizUtil.isUserRangerAdmin(effectiveUser) &&
!svcStore.isServiceAdminUser(serviceName, effectiveUser)) {
throw new Exception("User " + effectiveUser + " does not have
permission for this operation");
}
}
@@ -937,7 +937,7 @@ public class RoleREST {
effectiveUser = loggedInUser;
}
try {
- if (!bizUtil.isUserRangerAdmin(effectiveUser)) {
+ if (!bizUtil.isUserRangerAdmin(effectiveUser) &&
!svcStore.isServiceAdminUser(serviceName, effectiveUser)) {
existingRole = roleStore.getRole(roleName);
ensureRoleAccess(effectiveUser, userGroups, existingRole);
