Kishor Gollapalliwar created RANGER-3502:
--------------------------------------------

             Summary: Make get zones API accessible to authorized users
                 Key: RANGER-3502
                 URL: https://issues.apache.org/jira/browse/RANGER-3502
             Project: Ranger
          Issue Type: Bug
          Components: Ranger
            Reporter: Kishor Gollapalliwar
            Assignee: Kishor Gollapalliwar


Currently the get [zones|https://ranger.apache.org/apidocs/resource_SecurityZoneREST.html#resource_SecurityZoneREST_getAllZones_GET] API returns all zones, even for users who are not authorized for the zone module.
Restrict this API to users who are authorized for the zone module.

Steps to reproduce:
 # Create an internal user named test_user1
 # Remove the permission on the Security Zone module for that user
 # Log in to Ranger Admin as test_user1; the user should not be able to see the Security Zone tab
 # Access the API using curl

{code:java}
curl -ikv -u test_user1:pass@123 -X GET \
  -H "Accept:application/json" \
  -H "Content-Type:application/json" \
  "https://<RANGER_ADMIN_HOST>:6182/service/zones/zones"
{code}
 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
