1 files changed, 6 insertions, 6 deletions

diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
index 04bb6f2ec..00e313a80 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRequestDAO.java
@@ -169,7 +169,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
         }
 
         authz.checkRealm(request.getRealm(), authToken, request.getExtDataInString(IRequest.ATTR_REQUEST_OWNER),
-                "keyRequest", "read");
+                "certServer.kra.request", "read");
 
         KeyRequestInfo info = createKeyRequestInfo(request, uriInfo);
         return info;
@@ -264,7 +264,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
         }
 
         try {
-            authz.checkRealm(rec.getRealm(), authToken, rec.getOwnerName(), "key", "recover");
+            authz.checkRealm(rec.getRealm(), authToken, rec.getOwnerName(), "certServer.kra.key", "recover");
         } catch (EAuthzUnknownRealm e) {
             throw new UnauthorizedException("Invalid realm", e);
         } catch (EBaseException e) {
@@ -322,7 +322,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
         }
 
         try {
-            authz.checkRealm(rec.getRealm(), authToken, rec.getOwnerName(), "key", "recover");
+            authz.checkRealm(rec.getRealm(), authToken, rec.getOwnerName(), "certServer.kra.key", "recover");
         } catch (EAuthzUnknownRealm e) {
             throw new UnauthorizedException("Invalid realm", e);
         } catch (EBaseException e) {
@@ -504,7 +504,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
         IRequest request = queue.findRequest(id);
         authz.checkRealm(request.getRealm(), authToken,
                 request.getExtDataInString(IRequest.ATTR_REQUEST_OWNER),
-                "keyRequest", "approve");
+                "certServer.kra.requests", "execute");
 
         service.addAgentAsyncKeyRecovery(id.toString(), requestor);
     }
@@ -514,7 +514,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
         String realm = request.getRealm();
         authz.checkRealm(realm, authToken,
                 request.getExtDataInString(IRequest.ATTR_REQUEST_OWNER),
-                "keyRequest", "reject");
+                "certServer.kra.requests", "execute");
         request.setRequestStatus(RequestStatus.REJECTED);
         queue.updateRequest(request);
     }
@@ -524,7 +524,7 @@ public class KeyRequestDAO extends CMSRequestDAO {
         String realm = request.getRealm();
         authz.checkRealm(realm, authToken,
                 request.getExtDataInString(IRequest.ATTR_REQUEST_OWNER),
-                "keyRequest", "cancel");
+                "certServer.kra.requests", "execute");
         request.setRequestStatus(RequestStatus.CANCELED);
         queue.updateRequest(request);
     }