RANGER-3590 : User with Auditor role in security zone can change a policy's name and description

Signed-off-by: pradeep <[email protected]>

Author: dineshkumar-yadav

security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java

@@ -3551,7 +3551,9 @@ void ensureAdminAccess(RangerPolicy policy) {
 			//for zone policy create /update / delete
 			if(!StringUtils.isEmpty(policy.getZoneName()) && serviceMgr.isZoneAdmin(policy.getZoneName())){
 				isAllowed = true;
-			}else{
+			}else if(!StringUtils.isEmpty(policy.getZoneName()) && serviceMgr.isZoneAuditor(policy.getZoneName())){
+				isAllowed = false;
+			}else {
 				isAllowed = hasAdminAccess(policy, userName, userGroups);
 			}