[jira] [Commented] (RANGER-3155) Roles are not accessible for Admin User through REST API

Mon, 25 Jan 2021 00:29:04 -0800 


    [ 
https://issues.apache.org/jira/browse/RANGER-3155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17271153#comment-17271153
 ] 

rujia commented on RANGER-3155:
-------------------------------

Thanks [~maheshbandal]. About case2, i think the the response should be :

{code:java}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vxResponse>
    <msgDesc>User non-admin does not have privilege to role role3</msgDesc> 
    <statusCode>1</statusCode>
</vxResponse>
{code}
Because the exec user is none-admin, do you agree with me?
About PMD issues, i list below:
 !screenshot-1.png! 
 !screenshot-2.png! 
 !screenshot-3.png! 

> Roles are not accessible for Admin User through REST API
> --------------------------------------------------------
>
>                 Key: RANGER-3155
>                 URL: https://issues.apache.org/jira/browse/RANGER-3155
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 3.0.0
>            Reporter: Mahesh Hanumant Bandal
>            Assignee: Mahesh Hanumant Bandal
>            Priority: Major
>             Fix For: 3.0.0
>
>         Attachments: screenshot-1.png, screenshot-2.png, screenshot-3.png
>
>
> This issue is introduced by RANGER-3135.
> Following is current observation :
>  I tried to access GET API 
> [http://localhost:6080/service/roles/roles/name/role1] with admin user and it 
> does not return roles which already exist, whereas select * from x_role 
> returns two roles. ie. role1, role2.
> API returns following response :
> {code:java}
> <vxResponse>
>     <msgDesc>Role with name: role1 does not exist</msgDesc>
>     <statusCode>1</statusCode>
> </vxResponse>
> {code}
> *With admin user it shows same response regardless of role's existence.*
> =================================================================
> Resolution :
> Admin user should get roles when accessed via REST API. This JIRA should also 
> focus on providing fix for RANGER-3135 where GET API /roles/name/\{name} 
> should provide proper message in case of the role does not exist. In case of 
> non-admin user, it should deny access to roles.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to