From 43f83b8b6a89536e4bffc6dba1960566cf525e35 Mon Sep 17 00:00:00 2001
From: sanket-shelar
Date: Wed, 12 Nov 2025 16:04:05 +0530
Subject: [PATCH] RANGER-5399: Ranger: HTTP 403 - User '' lacks delegated-admin privilege when attempting to GRANT privilege on a database
---
 .../main/java/org/apache/ranger/rest/ServiceREST.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 6cffce2745..7b989864fd 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3220,16 +3220,16 @@ void ensureAdminAccess(RangerPolicy policy, String grantor) {
 final boolean isAdmin;
 final boolean isKeyAdmin;
- if (StringUtils.isEmpty(grantor)) {
- userName = bizUtil.getCurrentUserLoginId();
- isAdmin = bizUtil.isAdmin();
- isKeyAdmin = bizUtil.isKeyAdmin();
- } else {
+ if (StringUtils.isEmpty(bizUtil.getCurrentUserLoginId()) && StringUtils.isNotEmpty(grantor)) {
 Collection userRoles = userMgrGrantor.getRolesByLoginId(grantor);
 userName = grantor;
 isAdmin = userRoles.contains(RangerConstants.ROLE_SYS_ADMIN);
 isKeyAdmin = userRoles.contains(RangerConstants.ROLE_KEY_ADMIN);
+ } else {
+ userName = bizUtil.getCurrentUserLoginId();
+ isAdmin = bizUtil.isAdmin();
+ isKeyAdmin = bizUtil.isKeyAdmin();
 }
 boolean isSvcAdmin = isAdmin || svcStore.isServiceAdminUser(policy.getService(), userName);
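Review bot: In the new `if`, the SYS_ADMIN/KEY_ADMIN decision is taken from `grantor` exactly when `bizUtil.getCurrentUserLoginId()` is empty, so on that path authorization rests on a name that the hunk does not show being authenticated. If `grantor` can originate from a request body, the place where it is verified should be stated at the branch, e.g. `// no session user: grantor is trusted here only because <caller> has already authenticated it`. When both the session login id and `grantor` are empty, the code falls into the `else` branch and goes on to `svcStore.isServiceAdminUser(policy.getService(), userName)` with an empty user name; an explicit early rejection with a clear message would be safer than relying on the later check. `getCurrentUserLoginId()` is also read twice (condition and `else`), and reading it once, `final String loginId = bizUtil.getCurrentUserLoginId();`, keeps the test and the assignment consistent. The body of `ensureAdminAccess` starts and ends outside the hunk.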