Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Not A Bug
-
2.2.0
-
None
-
None
Description
In KMS KeyAuthorizationKeyProvider.checkAccess, it checks whether the ACL is present first for the requested operation.
But the code instead check whether ACL is present for operation KeyOpType.MANAGEMENT: https://github.com/apache/ranger/blob/ranger-2.2/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java#L154