You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@atlas.apache.org by Nixon Rodrigues <ni...@freestoneinfotech.com> on 2018/12/14 06:25:49 UTC

Re: Atlas ExportAPI & Read Only Permission -> You are not authorized

Adding Atlas dev,

Tom,

Your concern is right, this issue similar to the exceptional case like
ATLAS-2442.
Please add w-WRITE permission to your user or group to overcome this issue.


Regards,
Nixon


On Thu, Dec 13, 2018 at 10:23 PM <me...@gmx.net> wrote:

>
>
> Hi All,
> we configured an Atlas (Version 0.8.0 with HDP 2.6.4) read only Group via
> policy-store.txt and so far it is working fine…. But similar like the issue
> described in https://issues.apache.org/jira/browse/ATLAS-2442 the access
> to the export API fails with ‘You are not authorized for CREATE on
> [OPERATION]’
>
> < HTTP/1.1 403 {"AuthorizationError":"You are not authorized for CREATE on
> [OPERATION] : *"}
>
> To me it looks like the export API is using a POST (no GET) and so Atlas
> rejects the same similar as we had with ATLAS-2442.
>
> Sample curl export command:
> curl -X POST -v -u "user:PW" -H "Content-Type: application/json" -H
> "Cache-Control: no-cache" -d '{
>     "itemsToExport": [
>         {
>          "typeName": "hive_db",
>          "uniqueAttributes": { "name": "mydb" },
>          "status": "ACTIVE"
>         }
>     ],
>     "options": {
>         "fetchType": "connected",
>         "matchType": "matches"
>     }
> }' "http://myatlas-server.com:21000/api/atlas/admin/export" -o output.txt
>
> Its my understanding that a ready only user should be able to export,
> isn’t it? Any thoughts?
>
> Regards,
> Tom
>
>