Details
Description
The fix of Ranger-1095 set the initial value of "denied" to "true" from the previous "false". One impact of this change is that, when context.getCollectionRequests() is empty which could be the case in many invocations Solr makes to Ranger on authorization per client request, the permission is plainly denied without going to Ranger policy engine. So the fix changed the default behavior related "denied".
A proper fix of Ranger-1095 IMO should be just to set the "denied" to "true" in the catch block without changing the initial value of the variable.
Attachments
Attachments
Issue Links
- is broken by
-
RANGER-1095 Invert authorization logic in RangerSolrAuthorizer
- Resolved