You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@atlas.apache.org by Nixon Rodrigues <ni...@freestoneinfotech.com> on 2018/05/14 13:44:00 UTC

Review Request 67114: ATLAS-2463 Documentation for Atlas Authorization model and simple authorizer.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67114/
-----------------------------------------------------------

Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.


Bugs: ATLAS-2463
    https://issues.apache.org/jira/browse/ATLAS-2463


Repository: atlas


Description
-------

This patch adds documentation to Atlas authorization at entity level for simple authorizer.


Diffs
-----

  docs/src/site/twiki/Atlas-Authorization-Model.twiki PRE-CREATION 
  docs/src/site/twiki/Authentication-Authorization.twiki 9832a92e8 
  docs/src/site/twiki/Configure-simple-authorizor.twiki PRE-CREATION 
  docs/src/site/twiki/index.twiki 258dfbb7f 


Diff: https://reviews.apache.org/r/67114/diff/1/


Testing
-------

Tested the documentation after running mvn site


Thanks,

Nixon Rodrigues

Re: Review Request 67114: ATLAS-2463 Documentation for Atlas Authorization model and simple authorizer.

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67114/#review203126
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On May 15, 2018, 12:22 p.m., Nixon Rodrigues wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67114/
> -----------------------------------------------------------
> 
> (Updated May 15, 2018, 12:22 p.m.)
> 
> 
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-2463
>     https://issues.apache.org/jira/browse/ATLAS-2463
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> This patch adds documentation to Atlas authorization at entity level for simple authorizer.
> 
> 
> Diffs
> -----
> 
>   docs/src/site/twiki/Atlas-Authorization-Model.twiki PRE-CREATION 
>   docs/src/site/twiki/Authentication-Authorization.twiki 9832a92e8 
>   docs/src/site/twiki/Configure-simple-authorizer.twiki PRE-CREATION 
>   docs/src/site/twiki/index.twiki 258dfbb7f 
> 
> 
> Diff: https://reviews.apache.org/r/67114/diff/2/
> 
> 
> Testing
> -------
> 
> Tested the documentation after running mvn site
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 67114: ATLAS-2463 Documentation for Atlas Authorization model and simple authorizer.

Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67114/
-----------------------------------------------------------

(Updated May 15, 2018, 12:22 p.m.)


Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.


Changes
-------

This patches includes changes to fix typo error, changes and review comments by Nigel & David R.


Bugs: ATLAS-2463
    https://issues.apache.org/jira/browse/ATLAS-2463


Repository: atlas


Description
-------

This patch adds documentation to Atlas authorization at entity level for simple authorizer.


Diffs (updated)
-----

  docs/src/site/twiki/Atlas-Authorization-Model.twiki PRE-CREATION 
  docs/src/site/twiki/Authentication-Authorization.twiki 9832a92e8 
  docs/src/site/twiki/Configure-simple-authorizer.twiki PRE-CREATION 
  docs/src/site/twiki/index.twiki 258dfbb7f 


Diff: https://reviews.apache.org/r/67114/diff/2/

Changes: https://reviews.apache.org/r/67114/diff/1-2/


Testing
-------

Tested the documentation after running mvn site


Thanks,

Nixon Rodrigues

Re: Review Request 67114: ATLAS-2463 Documentation for Atlas Authorization model and simple authorizer.

Posted by David Radley <da...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67114/#review203019
-----------------------------------------------------------




docs/src/site/twiki/Authentication-Authorization.twiki
Line 114 (original)
<https://reviews.apache.org/r/67114/#comment285070>

    I suggest adding some words around the nature of this authorization. The fact that Ranger provides instance level authorization. Atlas itself provides authorization mechanisms that allows the user to protect the Atlas metadata. this can be done in a simple manner or using Ranger.



docs/src/site/twiki/Authentication-Authorization.twiki
Line 121 (original)
<https://reviews.apache.org/r/67114/#comment285071>

    missing <Qualified Authorizer Class Name>



docs/src/site/twiki/Authentication-Authorization.twiki
Line 143 (original)
<https://reviews.apache.org/r/67114/#comment285072>

    of => for



docs/src/site/twiki/Authentication-Authorization.twiki
Line 164 (original)
<https://reviews.apache.org/r/67114/#comment285073>

    Can this run without Ambari?



docs/src/site/twiki/Authentication-Authorization.twiki
Line 166 (original)
<https://reviews.apache.org/r/67114/#comment285076>

    I cannot see the link on the Ranger page to its documentation



docs/src/site/twiki/Configure-simple-authorizor.twiki
Lines 35 (patched)
<https://reviews.apache.org/r/67114/#comment285074>

    white space issue



docs/src/site/twiki/Configure-simple-authorizor.twiki
Lines 68 (patched)
<https://reviews.apache.org/r/67114/#comment285075>

    white space


- David Radley


On May 14, 2018, 1:44 p.m., Nixon Rodrigues wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67114/
> -----------------------------------------------------------
> 
> (Updated May 14, 2018, 1:44 p.m.)
> 
> 
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-2463
>     https://issues.apache.org/jira/browse/ATLAS-2463
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> This patch adds documentation to Atlas authorization at entity level for simple authorizer.
> 
> 
> Diffs
> -----
> 
>   docs/src/site/twiki/Atlas-Authorization-Model.twiki PRE-CREATION 
>   docs/src/site/twiki/Authentication-Authorization.twiki 9832a92e8 
>   docs/src/site/twiki/Configure-simple-authorizor.twiki PRE-CREATION 
>   docs/src/site/twiki/index.twiki 258dfbb7f 
> 
> 
> Diff: https://reviews.apache.org/r/67114/diff/1/
> 
> 
> Testing
> -------
> 
> Tested the documentation after running mvn site
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 67114: ATLAS-2463 Documentation for Atlas Authorization model and simple authorizer.

Posted by Nigel Jones <ni...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67114/#review203025
-----------------------------------------------------------




docs/src/site/twiki/Atlas-Authorization-Model.twiki
Lines 140 (patched)
<https://reviews.apache.org/r/67114/#comment285084>

    Should there be permissions on who can add a specific classification - for example would organizations want to control who can mark info as PII? If so a control may be needed around who can apply certain classifications to any entity?



docs/src/site/twiki/Atlas-Authorization-Model.twiki
Lines 157 (patched)
<https://reviews.apache.org/r/67114/#comment285086>

    WHilst this is a reasonable role to have - I wonder if we should have in the example explicitly, rather than reusing DATA_SCIENTIST?


- Nigel Jones


On May 14, 2018, 2:44 p.m., Nixon Rodrigues wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67114/
> -----------------------------------------------------------
> 
> (Updated May 14, 2018, 2:44 p.m.)
> 
> 
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-2463
>     https://issues.apache.org/jira/browse/ATLAS-2463
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> This patch adds documentation to Atlas authorization at entity level for simple authorizer.
> 
> 
> Diffs
> -----
> 
>   docs/src/site/twiki/Atlas-Authorization-Model.twiki PRE-CREATION 
>   docs/src/site/twiki/Authentication-Authorization.twiki 9832a92e8 
>   docs/src/site/twiki/Configure-simple-authorizor.twiki PRE-CREATION 
>   docs/src/site/twiki/index.twiki 258dfbb7f 
> 
> 
> Diff: https://reviews.apache.org/r/67114/diff/1/
> 
> 
> Testing
> -------
> 
> Tested the documentation after running mvn site
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 67114: ATLAS-2463 Documentation for Atlas Authorization model and simple authorizer.

Posted by Nigel Jones <ni...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67114/#review203027
-----------------------------------------------------------




docs/src/site/twiki/Atlas-Authorization-Model.twiki
Lines 173 (patched)
<https://reviews.apache.org/r/67114/#comment285087>

    type: authorizor -> authorizer



docs/src/site/twiki/Configure-simple-authorizor.twiki
Lines 1 (patched)
<https://reviews.apache.org/r/67114/#comment285088>

    Typo in filename - authorizer ?



docs/src/site/twiki/index.twiki
Lines 60 (patched)
<https://reviews.apache.org/r/67114/#comment285089>

    If we rename the files this will need updating


- Nigel Jones


On May 14, 2018, 2:44 p.m., Nixon Rodrigues wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67114/
> -----------------------------------------------------------
> 
> (Updated May 14, 2018, 2:44 p.m.)
> 
> 
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-2463
>     https://issues.apache.org/jira/browse/ATLAS-2463
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> This patch adds documentation to Atlas authorization at entity level for simple authorizer.
> 
> 
> Diffs
> -----
> 
>   docs/src/site/twiki/Atlas-Authorization-Model.twiki PRE-CREATION 
>   docs/src/site/twiki/Authentication-Authorization.twiki 9832a92e8 
>   docs/src/site/twiki/Configure-simple-authorizor.twiki PRE-CREATION 
>   docs/src/site/twiki/index.twiki 258dfbb7f 
> 
> 
> Diff: https://reviews.apache.org/r/67114/diff/1/
> 
> 
> Testing
> -------
> 
> Tested the documentation after running mvn site
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 67114: ATLAS-2463 Documentation for Atlas Authorization model and simple authorizer.

Posted by Nigel Jones <ni...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67114/#review203024
-----------------------------------------------------------




docs/src/site/twiki/Configure-simple-authorizor.twiki
Lines 163 (patched)
<https://reviews.apache.org/r/67114/#comment285083>

    Can I define a parent type and have it apply to all subtypes?



docs/src/site/twiki/Configure-simple-authorizor.twiki
Lines 171 (patched)
<https://reviews.apache.org/r/67114/#comment285082>

    I believe we need the ability to control access based on hierarchical types. So can I add the supertype here and it will apply to all sub types ?



docs/src/site/twiki/Configure-simple-authorizor.twiki
Lines 208 (patched)
<https://reviews.apache.org/r/67114/#comment285081>

    What precedence applies to the rules? As an example if the data scientist creates a new type, who else will be able to access this?
    
    Will an owner always have access?
    
    It appears the creator will not be able to specify permissions as that is a job for the policy author (say in ranger).
    
    So Could a 'default' permission be set for all new types by including a wildcard * in the policies - will this get applied first or last?


- Nigel Jones


On May 14, 2018, 2:44 p.m., Nixon Rodrigues wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67114/
> -----------------------------------------------------------
> 
> (Updated May 14, 2018, 2:44 p.m.)
> 
> 
> Review request for atlas, Apoorv Naik, Ashutosh Mestry, Madhan Neethiraj, and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-2463
>     https://issues.apache.org/jira/browse/ATLAS-2463
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> This patch adds documentation to Atlas authorization at entity level for simple authorizer.
> 
> 
> Diffs
> -----
> 
>   docs/src/site/twiki/Atlas-Authorization-Model.twiki PRE-CREATION 
>   docs/src/site/twiki/Authentication-Authorization.twiki 9832a92e8 
>   docs/src/site/twiki/Configure-simple-authorizor.twiki PRE-CREATION 
>   docs/src/site/twiki/index.twiki 258dfbb7f 
> 
> 
> Diff: https://reviews.apache.org/r/67114/diff/1/
> 
> 
> Testing
> -------
> 
> Tested the documentation after running mvn site
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>