KannarFr commented on pull request #7523:
URL: https://github.com/apache/pulsar/pull/7523#issuecomment-776020646
In AuthorizationProducerConsumerTest.testSubscriberPermission,
```java
// grant namespace-level authorization to the subscriptionRole
tenantAdmin.namespaces().grantPermissionOnNamespace(namespace,
        subscriptionRole,
        Collections.singleton(AuthAction.consume));
// subscriptionRole has namespace-level authorization
sub1Admin.topics().resetCursor(topicName, subscriptionName, 10); // THIS PASS
// grant subscription access to specific different role and only that role
// can access the subscription
String otherPrincipal = "Principal-1-to-access-sub";
tenantAdmin.namespaces().grantPermissionOnSubscription(namespace,
        subscriptionName,
        Collections.singleton(otherPrincipal));
// now, subscriptionRole doesn't have subscription level access so, it will
// fail to access subscription
try {
    sub1Admin.topics().resetCursor(topicName, subscriptionName, 10); // THIS PASS BUT MUST NOT PASS
    fail("should have fail with authorization exception");
} catch (org.apache.pulsar.client.admin.PulsarAdminException.NotAuthorizedException e) {
    // Ok
}
```
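The precedence the test in the comment above expects, as an added example: a simplified stand-alone model, not Pulsar's authorization code and not code from the pull request. The class and method names, the role `sub1-role` and the subscription `my-sub` are constructed for illustration, and the fallback to the namespace-level grant is a modelling assumption.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Hypothetical model of the decision behind a subscription-scoped admin call
// such as resetCursor. Not Pulsar's implementation.
public class SubscriptionAuthzModel {
    // Namespace-level grants: role -> granted actions (only "consume" is modelled).
    private final Map<String, Set<String>> namespaceGrants = new HashMap<>();
    // Subscription-level allow-lists: subscription name -> permitted roles.
    private final Map<String, Set<String>> subscriptionRoles = new HashMap<>();

    void grantOnNamespace(String role, String action) {
        namespaceGrants.computeIfAbsent(role, r -> new HashSet<>()).add(action);
    }

    void grantOnSubscription(String subscription, Set<String> roles) {
        subscriptionRoles.computeIfAbsent(subscription, s -> new HashSet<>()).addAll(roles);
    }

    boolean canOperateOnSubscription(String role, String subscription) {
        Set<String> allowed = subscriptionRoles.get(subscription);
        // Once a subscription has its own allow-list, the list is checked first:
        // a namespace-level consume grant must not bypass it.
        if (allowed != null && !allowed.isEmpty() && !allowed.contains(role)) {
            return false;
        }
        // Otherwise fall back to the namespace-level consume grant
        // (assumption of this model).
        return namespaceGrants.getOrDefault(role, Set.of()).contains("consume");
    }

    public static void main(String[] args) {
        SubscriptionAuthzModel authz = new SubscriptionAuthzModel();
        authz.grantOnNamespace("sub1-role", "consume");
        // Corresponds to the first resetCursor call in the test.
        System.out.println("before subscription grant: "
                + authz.canOperateOnSubscription("sub1-role", "my-sub"));
        authz.grantOnSubscription("my-sub", Set.of("Principal-1-to-access-sub"));
        // Corresponds to the second resetCursor call, which the test expects to be rejected.
        System.out.println("after subscription grant:  "
                + authz.canOperateOnSubscription("sub1-role", "my-sub"));
    }
}
```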