Abhishek created RANGER-4546:
--------------------------------
Summary: /assets/ugsyncAudits/{sync_source} API is accessible by
user without permission on audit module
Key: RANGER-4546
URL: https://issues.apache.org/jira/browse/RANGER-4546
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Abhishek
A user without permission on the audits module is able to access the
/assets/ugsyncAudits/\{sync_source} API.
Ideally, the user should not be allowed to access the API, and it should result
in a 403 error.
If the same user tries to access the /assets/ugsyncAudits API, it results in a
403 error (as expected).
Similarly, the behaviour has to be changed for the
/assets/ugsyncAudits/\{sync_source} API
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
