----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73154/ -----------------------------------------------------------
Review request for ranger, Ankita Sinha, Gautam Borad, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-3155 https://issues.apache.org/jira/browse/RANGER-3155 Repository: ranger Description ------- Reverted RANGER-3135 patch as it breaks current functionality to access role for ranger admin and provided a fix with its root cause to represent proper message in case of role does not exist. Earlier it was showing "User doesn't have permissions to get details for role" even if role does not exist. With this patch we Admin user can access roles and if role does not exist it shows message as "Role with name: ROLETEST does not exist". For non-admin user it behaves as it is. It shows "User doesn't have permissions to get details for ROLETEST". This fix simply throws an error caught in getRoleIfAccessible() function of RoleREST.java class to parent method. Parent method prints appropriate message caught in exception. And reverted changes made in RANGER-3135. Diffs ----- security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 20db16da6 Diff: https://reviews.apache.org/r/73154/diff/1/ Testing ------- For admin user : 1. If role is present - API returns role information. 2. If role does not exist - API will return "Role with name: ROLETEST does not exist. 3. If role exist and ?execUser=non-admin - API will return "User non-admin does not have privilege to role ROLETEST" For non-admin user : 1. It shows "User doesn't have permissions to get details for ROLETEST". Thanks, Mahesh Bandal