abhishekagarwal87 commented on code in PR #12959:
URL: https://github.com/apache/druid/pull/12959#discussion_r955931030
##########
extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authorization/BasicRoleBasedAuthorizer.java:
##########
@@ -90,7 +94,11 @@ public Access authorize(AuthenticationResult
authenticationResult, Resource reso
Map<String, BasicAuthorizerRole> roleMap = roleProvider.getRoleMap(name);
if (roleNames.isEmpty()) {
- return new Access(false);
+ LOG.info("No roles found for authorizer [%s] and user [%s]", name,
authenticationResult.getIdentity());
+ return new Access(false, StringUtils.format("You don't have '%s'
permission for Resource [%s:%s]",
+ action.name(),
+ resource.getType(),
+ resource.getName()));
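Review bot: the `LOG.info(...)` call added in the `roleNames.isEmpty()` branch writes an info-level line containing `authenticationResult.getIdentity()` on every denied request, so an identity with no roles that keeps retrying can flood the authorizer log. Consider `LOG.debug`, or keep this as an audit event but make sure it is rate-limited. On the returned `Access`, the message is formatted from `action.name()`, `resource.getType()` and `resource.getName()`, all of which the caller already supplied, so it reveals nothing new by itself. It should stay worded identically on every denial path in `authorize`, though, so the response does not distinguish "identity has no roles" from "role lacks this permission". Building the string in one small helper and keeping the "no roles" detail only in the server log would guarantee that.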
Review Comment:
The PR doesn't change the error code in any way. We are appending the
information to the error. I think it is safe to expose the name of the resource
that they are trying to access.