From 98e8120a15449865ed0beae00afd9a18ec0ff7b6 Mon Sep 17 00:00:00 2001
From: ramk
Date: Sun, 28 Jun 2026 09:43:25 +0530
Subject: [PATCH] RANGER-5657:Limit getAllModuleNames() to sys-admin sessions in SessionMgr
---
 .../src/main/java/org/apache/ranger/biz/SessionMgr.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
index c0064a8f67..9b092b2f65 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
@@ -222,7 +222,7 @@ public void resetUserModulePermission(UserSessionBase userSession) {
 if (xUser != null) {
 List permissionList;
- if (userSession.isUserAdmin() || userSession.isKeyAdmin()) {
+ if (userSession.isUserAdmin()) {
 permissionList = daoManager.getXXModuleDef().getAllModuleNames();
 } else {
 permissionList = daoManager.getXXModuleDef().findAccessibleModulesByUserId(userSession.getUserId(), xUser.getId());
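Review bot: The narrowed condition `if (userSession.isUserAdmin())` carries no comment saying why key-admin sessions are now excluded, and because the previous line named `isKeyAdmin()` explicitly, a later cleanup could restore it without noticing the authorization impact. I would add above the condition `// Only sys-admin sessions get every module name; key-admin sessions are limited to the modules assigned to the user (RANGER-5657).` Key-admin users now go through `findAccessibleModulesByUserId(...)`, so a key-admin account without explicit module assignments presumably ends up with a smaller permission list after upgrade; that is worth confirming, together with a test asserting that a key-admin session does not receive the `getAllModuleNames()` result. The body of `resetUserModulePermission` starts and ends outside this hunk, so how `permissionList` is consumed afterwards is not visible here.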