[ https://issues.apache.org/jira/browse/RANGER-4546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pradeep Agrawal reassigned RANGER-4546: --------------------------------------- Assignee: Pradeep Agrawal > /assets/ugsyncAudits/{sync_source} API is accessible by user without > permission on audit module > ----------------------------------------------------------------------------------------------- > > Key: RANGER-4546 > URL: https://issues.apache.org/jira/browse/RANGER-4546 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Abhishek > Assignee: Pradeep Agrawal > Priority: Major > > A user without permission on the audits module is able to access the > /assets/ugsyncAudits/\{sync_source} API. > Ideally, the user should not be allowed to access the API, and it should > result in a 403 error. > If the same user tries to access the /assets/ugsyncAudits API, it results in > a 403 error (as expected). > Similarly, the behaviour has to be changed for the > /assets/ugsyncAudits/\{sync_source} API -- This message was sent by Atlassian Jira (v8.20.10#820010)