{sync_source} API is accessible by user without permission on audit module

Abhishek (Jira) Thu, 30 Nov 2023 06:05:09 -0800


     [ 
https://issues.apache.org/jira/browse/RANGER-4546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Abhishek updated RANGER-4546:
-----------------------------
    Description: Implement best coding practices for the 
/assets/ugsync/\{sync_source} API  (was: A user without permission on the 
audits module is able to access the /assets/ugsyncAudits/\{sync_source} API.
Ideally, the user should not be allowed to access the API, and it should result 
in a 403 error.

If the same user tries to access the /assets/ugsyncAudits API, it results in a 
403 error (as expected).
Similarly, the behaviour has to be changed for the 
/assets/ugsyncAudits/\{sync_source} API)

> /assets/ugsyncAudits/{sync_source} API is accessible by user without 
> permission on audit module
> -----------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4546
>                 URL: https://issues.apache.org/jira/browse/RANGER-4546
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Abhishek
>            Assignee: Pradeep Agrawal
>            Priority: Major
>             Fix For: 3.0.0
>
>         Attachments: 
> 0002-RANGER-4546-assets-ugsyncAudits-sync_source-API-is-a.patch
>
>
> Implement best coding practices for the /assets/ugsync/\{sync_source} API



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4546) /assets/ugsyncAudits/{sync_source} API is accessible by user without permission on audit module

Reply via email to