[
https://issues.apache.org/jira/browse/RANGER-3966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj updated RANGER-3966:
-------------------------------------
Attachment: RANGER-3966.patch
> incorrect roles used in policy evaluation for custom RangerAccessRequest impl
> -----------------------------------------------------------------------------
>
> Key: RANGER-3966
> URL: https://issues.apache.org/jira/browse/RANGER-3966
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Priority: Major
> Attachments: RANGER-3966.patch
>
>
> At the start of evaluating an access request, Ranger plugin finds all roles
> applicable for the user and user's groups, and saves them in request context
> for later use during policy evaluation. However, request.roles is used in
> couple of places instead of the roles saved in request context. This can
> potentially result in incorrect results when a custom RangerAccessRequest
> (which doesn't extend RangerAccessRequestImpl) is used.
>
> The fix will be to make sure roles saved in context are used consistently
> everywhere.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
