RANGER-5399: Ranger: HTTP 403 - User '' lacks delegated-admin privilege when attempting to GRANT privilege on a database

Sanket-Shelar · Sanket-Shelar · commit 43f83b8b6a89 · 2025-11-19T18:13:22.000+05:30
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3220,16 +3220,16 @@ void ensureAdminAccess(RangerPolicy policy, String grantor) {
         final boolean isAdmin;
         final boolean isKeyAdmin;
 
-        if (StringUtils.isEmpty(grantor)) {
-            userName   = bizUtil.getCurrentUserLoginId();
-            isAdmin    = bizUtil.isAdmin();
-            isKeyAdmin = bizUtil.isKeyAdmin();
-        } else {
+        if (StringUtils.isEmpty(bizUtil.getCurrentUserLoginId()) && StringUtils.isNotEmpty(grantor)) {
             Collection<String> userRoles = userMgrGrantor.getRolesByLoginId(grantor);
 
             userName   = grantor;
             isAdmin    = userRoles.contains(RangerConstants.ROLE_SYS_ADMIN);
             isKeyAdmin = userRoles.contains(RangerConstants.ROLE_KEY_ADMIN);
+        } else {
+            userName   = bizUtil.getCurrentUserLoginId();
+            isAdmin    = bizUtil.isAdmin();
+            isKeyAdmin = bizUtil.isKeyAdmin();
         }
         boolean isSvcAdmin = isAdmin || svcStore.isServiceAdminUser(policy.getService(), userName);
 
