[jira] [Assigned] (RANGER-4546) /assets/ugsyncAudits/{sync_source} API is accessible by user without permission on audit module

[Pradeep Agrawal (Jira)]

     [ 
https://issues.apache.org/jira/browse/RANGER-4546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal reassigned RANGER-4546:
---------------------------------------

    Assignee: Pradeep Agrawal

> /assets/ugsyncAudits/{sync_source} API is accessible by user without 
> permission on audit module
> -----------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4546
>                 URL: https://issues.apache.org/jira/browse/RANGER-4546
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Abhishek
>            Assignee: Pradeep Agrawal
>            Priority: Major
>
> A user without permission on the audits module is able to access the 
> /assets/ugsyncAudits/\{sync_source} API.
> Ideally, the user should not be allowed to access the API, and it should 
> result in a 403 error.
> If the same user tries to access the /assets/ugsyncAudits API, it results in 
> a 403 error (as expected).
> Similarly, the behaviour has to be changed for the 
> /assets/ugsyncAudits/\{sync_source} API



--
This message was sent by Atlassian Jira
(v8.20.10#820010)