Fang-Yu Rao created RANGER-3125:
-----------------------------------

             Summary: RangerBasePlugin#dropRole() reveals the non-existence of 
a role to non-Ranger administrators
                 Key: RANGER-3125
                 URL: https://issues.apache.org/jira/browse/RANGER-3125
             Project: Ranger
          Issue Type: Bug
          Components: plugins, Ranger
            Reporter: Fang-Yu Rao


We found that when a non-Ranger administrator is trying to remove a role that 
does not exist in Ranger, the error message returned from 
{{RangerBasePlugin#dropRole()}} at 
https://github.com/apache/ranger/blob/b8f76a8be532e3d41cca5acfb7cfbe6c35e469f1/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java#L496-L506
 would indicate that the name of the role does not exist, which reveals the 
non-existence of the role.




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
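
The disclosure described in this report, shown as an added example that is not Ranger code and not taken from the issue: a hypothetical role store whose `dropRoleLeaky` answers the existence question before the authorization question, next to `dropRoleHardened`, which authorizes the caller first. The class, method, user and role names are all assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory role store; none of these names are Ranger APIs.
public class RoleStoreDemo {
    private final Set<String> admins;
    private final Map<String, String> roles = new ConcurrentHashMap<>(); // role name -> owner

    RoleStoreDemo(Set<String> admins) { this.admins = admins; }

    void createRole(String name, String owner) { roles.put(name, owner); }

    // Leaky ordering: the existence check runs first, so a non-admin can tell
    // "no such role" apart from "not allowed" and learn which role names exist.
    void dropRoleLeaky(String caller, String name) {
        if (!roles.containsKey(name)) {
            throw new IllegalArgumentException("Role " + name + " does not exist");
        }
        if (!admins.contains(caller)) {
            throw new SecurityException("User " + caller + " is not allowed to drop roles");
        }
        roles.remove(name);
    }

    // Hardened ordering: authorize before touching the store, so every
    // non-admin caller gets the same answer whether or not the role exists.
    void dropRoleHardened(String caller, String name) {
        if (!admins.contains(caller)) {
            throw new SecurityException("User " + caller + " is not allowed to drop roles");
        }
        if (roles.remove(name) == null) {
            throw new IllegalArgumentException("Role " + name + " does not exist");
        }
    }

    public static void main(String[] args) {
        RoleStoreDemo store = new RoleStoreDemo(Set.of("admin"));
        store.createRole("analysts", "admin"); // constructed sample data
        for (String role : new String[] {"analysts", "no_such_role"}) {
            try { store.dropRoleLeaky("alice", role); }
            catch (RuntimeException e) { System.out.println("leaky:    " + e.getMessage()); }
            try { store.dropRoleHardened("alice", role); }
            catch (RuntimeException e) { System.out.println("hardened: " + e.getMessage()); }
        }
    }
}
```

For the non-admin caller, the leaky variant returns a different message for the missing role than for the existing one, while the hardened variant returns the same authorization error for both.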
