RANGER-5399: Ranger: HTTP 403 - User '' lacks delegated-admin privile… #731
Conversation
dhavalshah9131
requested review from
dineshkumar-yadav and
pradeepagrawal8184
| final boolean isKeyAdmin; | ||
|
|
||
| if (StringUtils.isEmpty(grantor)) { | ||
| if (StringUtils.isNotEmpty(bizUtil.getCurrentUserLoginId())) { |
There was a problem hiding this comment.
The updated code changes the precedence of user selection. Originally, it prioritized the granter as the admin user, but now it favors the login user. Was this change intentional?
Also, the else block doesn't check if granter is null or empty. Please add this check for consistency.
There was a problem hiding this comment.
@vyommani - Previously it was prioritzing login user due to which there was an issue during non kerberos when the session was empty. To resolve it updated the method to check grantor user but this scenario fails for this scenario when owner user does not have delegate admin permission.
So we have updated code to revert to original precedence and in case of empty session it will also check if grantor is present.
There was a problem hiding this comment.
@Sanket-Shelar thanks for information, I just wanted to confirm the change was intentional.
…ge when attempting to GRANT privilege on a database
Sanket-Shelar
force-pushed
the
RANGER-5399
branch
from
9190e3d to
43f83b8
Compare
2 participants
…ge when attempting to GRANT privilege on a database
What changes were proposed in this pull request?
Updated ensureAdminAccess() method to get user from session and if session is null get user from grantor passed.
How was this patch tested?
Build successful, tested for grant scenarios and working.