[
https://issues.apache.org/jira/browse/RANGER-3884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17722714#comment-17722714
]
Mohit Ambalkar commented on RANGER-3884:
----------------------------------------
*Can you try with put request instead of post*
** API :[http://localhost:6080/service/xusers/permission/4]
Json body:
{
"id": 4,
"createDate": "2023-04-26T04:58:41Z",
"updateDate": "2023-05-04T08:48:17Z",
"userId": 21,
"userName" :"temp4",
"owner": "Admin",
"groupPermList": [],
"isAllowed": 1,
"loginId" : "admin",
"module": "Audit",
"updatedBy": "Admin",
"url": "",
"userPermList": [
{
"userId": 21,
"moduleId": 4,
"isAllowed": 1
}
]
}
When we grant audit permission to a new user, an object is created in the
x_module_perm table. When we later make changes to the same user, only the
attribute values are allowed to change. If permission is denied, the value is
set to 0. If permission is granted, the value changes to 1.
However, when we remove the permission, the object with the user ID and module
ID is not deleted from the x_module_perm table. Only the ‘is allowed’ attribute
value is changed. Consequently, when we use a POST method, it checks every time
whether the object with the given user ID and module ID is present or not. This
leads to the following error:
{ "statusCode": 1, "msgDesc": "User with ID [76] is already assigned to
the module with ID [4]", "messageList": [ { "name":
"ERROR_DUPLICATE_OBJECT", "rbKey": "xa.error.duplicate_object",
"message": "Error creating duplicate object" } ]}
Therefore, can you try using PUT request and see if satisfies your use-case
> POST request to /service/xusers/permission/user API results in
> ERROR_DUPLICATE_OBJECT error
> -------------------------------------------------------------------------------------------
>
> Key: RANGER-3884
> URL: https://issues.apache.org/jira/browse/RANGER-3884
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Abhishek
> Priority: Major
>
> When a POST request is made to the url
> \{RANGER_ADMIN_URL}//service/xusers/permission/user to assign permission on a
> module to a user for the first time, the API works as expected and the
> permission is
> assigned to the user on the module.
> But when the permission on the module is removed for the user from the UI,
> and a POST request is made again to assign permission on the same module for
> the same user, it results in the following error
> {code:java|bgColor=#f4f5f7}
> { "statusCode": 1, "msgDesc": "User with ID [76] is already assigned to
> the module with ID [4]", "messageList": [ { "name":
> "ERROR_DUPLICATE_OBJECT", "rbKey": "xa.error.duplicate_object",
> "message": "Error creating duplicate object" } ]} {code}
> *Steps to reproduce:-*
> 1. Create a new user in Ranger Admin
> 2. Make the following POST request using the newly created user's user id and
> username with the following payload
> {code:java|bgColor=#f4f5f7}
> { "userId" : new_user_user_id, "moduleId" : 4, "isAllowed" : 1,
> "userName" : new_user_username, "moduleName" : "Audits", "loginId" :
> new_user_username} {code}
> 3. The user will be granted permissions on the Audits module
> 4. Go to the UI, remove the permissions for the user on the Audits module
> 5. Then make a POST request to the same REST endpoint with the same payload.
> Since the user did not have permissions on the Audits module, the user should
> have
> been granted access on the Audits module, but it results in the following
> error
> {code:java|bgColor=#f4f5f7}
> { "statusCode": 1, "msgDesc": "User with ID [127] is already assigned
> to the module with ID [4]", "messageList": [ { "name":
> "ERROR_DUPLICATE_OBJECT", "rbKey": "xa.error.duplicate_object",
> "message": "Error creating duplicate object" } ]} {code}
> Also, the user id in the error message is always user_id_in_payload - 2.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
