Krishna Chaitanya Muttevi created RANGER-5624:
-------------------------------------------------
Summary: Inconsistent masking of updatedBy field in
/xusers/groups/groupName/{group_name} API compared to /xusers/groups/{id}
Key: RANGER-5624
URL: https://issues.apache.org/jira/browse/RANGER-5624
Project: Ranger
Issue Type: Improvement
Components: admin
Affects Versions: 3.0.0
Reporter: Krishna Chaitanya Muttevi
Attachments: image-2026-06-01-14-52-31-185.png
There is an inconsistency in the masking behavior of the {{updatedBy}} field in
the {{VXGroup}} response across group retrieval APIs. When a group is fetched
using {{{}/xusers/groups/\{id}{{}}}}, the {{updatedBy}} field is masked as
expected. However, when the same group is retrieved using
{{{}/xusers/groups/groupName/\{group_name}{{}}}}, the {{updatedBy}} field is
returned with its actual value instead of being masked.
For example, calling {{GET /service/xusers/groups/groupName/public}} returns
{{{}"updatedBy": "Admin"{}}}, whereas {{{}GET /service/xusers/groups/{id{}}}}
returns a masked value (e.g., {{{}"******"{}}}). This results in inconsistent
API behavior and leads to unintended exposure of user-related metadata through
one endpoint while it remains masked in another.
In below image the underlined red lines would show the true issue and mismatch
in masking field of vXGroup.
!image-2026-06-01-14-51-55-705.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
