From ac9e1067002afee0ed732920ed79d09274a3a0fb Mon Sep 17 00:00:00 2001
From: Ken Rowland <kenneth.rowland@lexisnexisrisk.com>
Date: Fri, 22 Sep 2023 16:38:47 -0400
Subject: [PATCH] HPCC-30335 Improve scope denied log message

Added username and actual permission to denied log message

Signed-Off-By: kenneth.rowland@lexisnexisrisk.com
---
 dali/base/dadfs.cpp | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/dali/base/dadfs.cpp b/dali/base/dadfs.cpp
index 713041951fe..fece27870fc 100644
--- a/dali/base/dadfs.cpp
+++ b/dali/base/dadfs.cpp
@@ -1379,9 +1379,23 @@ static void checkLogicalScope(const char *scopename,IUserDescriptor *user,bool r
     SecAccessFlags perm = getScopePermissions(scopename,user,auditflags);
     IDFS_Exception *e = NULL;
     if (readreq&&!HASREADPERMISSION(perm))
-        e = new CDFS_Exception(DFSERR_LookupAccessDenied,scopename);
+    {
+        StringBuffer scopeDescription;
+        StringBuffer username("");
+        if (user)
+            user->getUserName(username);
+        scopeDescription.appendf("%s user '%s', assigned access %s (%d)", scopename, username.str(), getSecAccessFlagName(perm), perm);
+        e = new CDFS_Exception(DFSERR_LookupAccessDenied,scopeDescription);
+    }
     else if (createreq&&!HASWRITEPERMISSION(perm))
-        e = new CDFS_Exception(DFSERR_CreateAccessDenied,scopename);
+    {
+        StringBuffer scopeDescription;
+        StringBuffer username("");
+        if (user)
+            user->getUserName(username);
+        scopeDescription.appendf("%s user '%s', assigned access %s (%d)", scopename, username.str(), getSecAccessFlagName(perm), perm);
+        e = new CDFS_Exception(DFSERR_CreateAccessDenied,scopeDescription);
+    }
     if (e)
         throw e;
 }