Re: Review Request 75353: RANGER-5074: keyadmin user is able to get admin user logs

Mon, 28 Apr 2025 08:06:16 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75353/
-----------------------------------------------------------

(Updated April 28, 2025, 3:05 p.m.)


Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, sanket 
shelar, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-5074
    https://issues.apache.org/jira/browse/RANGER-5074


Repository: ranger


Description
-------

The Keyadmin user is able to retrieve admin user logs through the following 
REST APIs:

/service/xaudit/trx_log
/service/xaudit/trx_log/{id}
/service/assets/report
/service/assets/report/{transactionId}


Diffs (updated)
-----

  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java
 c074575e4 
  
security-admin/src/main/java/org/apache/ranger/service/RangerTrxLogV2Service.java
 3eb2a707e 


Diff: https://reviews.apache.org/r/75353/diff/2/

Changes: https://reviews.apache.org/r/75353/diff/1-2/


Testing
-------

Tested and verified that the Keyadmin user is unable to retrieve Admin user 
logs when attempting to access the following REST APIs:


/service/xaudit/trx_log
/service/xaudit/trx_log/{id}
/service/assets/report
/service/assets/report/{transactionId}


Thanks,

Rakesh Gupta

Reply via email to