Sanket-Shelar commented on code in PR #731:
URL: https://github.com/apache/ranger/pull/731#discussion_r2541886913
##########
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java:
##########
@@ -3220,7 +3220,7 @@ void ensureAdminAccess(RangerPolicy policy, String
grantor) {
final boolean isAdmin;
final boolean isKeyAdmin;
- if (StringUtils.isEmpty(grantor)) {
+ if (StringUtils.isNotEmpty(bizUtil.getCurrentUserLoginId())) {
Review Comment:
@vyommani - Previously it was prioritzing login user due to which there was
an issue during non kerberos when the session was empty. To resolve it updated
the method to check grantor user but this scenario fails for this scenario when
owner user does not have delegate admin permission.
So we have updated code to revert to original precedence and in case of
empty session it will also check if grantor is present.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
