You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@knox.apache.org by me...@gmx.net on 2018/12/13 15:59:27 UTC

Atlas ExportAPI & Read Only Permission -> You are not authorized


Hi All,
we configured an Atlas (Version 0.8.0 with HDP 2.6.4) read only Group via policy-store.txt and so far it is working fine…. But similar like the issue described in https://issues.apache.org/jira/browse/ATLAS-2442 the access to the export API fails with ‘You are not authorized for CREATE on [OPERATION]’
 
< HTTP/1.1 403 {"AuthorizationError":"You are not authorized for CREATE on [OPERATION] : *"}
 
To me it looks like the export API is using a POST (no GET) and so Atlas rejects the same similar as we had with ATLAS-2442.
 
Sample curl export command:
curl -X POST -v -u "user:PW" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
    "itemsToExport": [
        {
         "typeName": "hive_db",
         "uniqueAttributes": { "name": "mydb" },
         "status": "ACTIVE"
        }
    ],
    "options": {
        "fetchType": "connected",
        "matchType": "matches"
    }
}' "http://myatlas-server.com:21000/api/atlas/admin/export" -o output.txt
 
Its my understanding that a ready only user should be able to export, isn’t it? Any thoughts?
 
Regards,
Tom

Re: Atlas ExportAPI & Read Only Permission -> You are not authorized

Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.

Adding Atlas dev,

Tom,

Your concern is right, this issue similar to the exceptional case like
ATLAS-2442.
Please add w-WRITE permission to your user or group to overcome this issue.


Regards,
Nixon


On Thu, Dec 13, 2018 at 10:23 PM <me...@gmx.net> wrote:

>
>
> Hi All,
> we configured an Atlas (Version 0.8.0 with HDP 2.6.4) read only Group via
> policy-store.txt and so far it is working fine…. But similar like the issue
> described in https://issues.apache.org/jira/browse/ATLAS-2442 the access
> to the export API fails with ‘You are not authorized for CREATE on
> [OPERATION]’
>
> < HTTP/1.1 403 {"AuthorizationError":"You are not authorized for CREATE on
> [OPERATION] : *"}
>
> To me it looks like the export API is using a POST (no GET) and so Atlas
> rejects the same similar as we had with ATLAS-2442.
>
> Sample curl export command:
> curl -X POST -v -u "user:PW" -H "Content-Type: application/json" -H
> "Cache-Control: no-cache" -d '{
>     "itemsToExport": [
>         {
>          "typeName": "hive_db",
>          "uniqueAttributes": { "name": "mydb" },
>          "status": "ACTIVE"
>         }
>     ],
>     "options": {
>         "fetchType": "connected",
>         "matchType": "matches"
>     }
> }' "http://myatlas-server.com:21000/api/atlas/admin/export" -o output.txt
>
> Its my understanding that a ready only user should be able to export,
> isn’t it? Any thoughts?
>
> Regards,
> Tom
>
>

Re: Atlas ExportAPI & Read Only Permission -> You are not authorized

Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.

Adding Atlas dev,

Tom,

Your concern is right, this issue similar to the exceptional case like
ATLAS-2442.
Please add w-WRITE permission to your user or group to overcome this issue.


Regards,
Nixon


On Thu, Dec 13, 2018 at 10:23 PM <me...@gmx.net> wrote:

>
>
> Hi All,
> we configured an Atlas (Version 0.8.0 with HDP 2.6.4) read only Group via
> policy-store.txt and so far it is working fine…. But similar like the issue
> described in https://issues.apache.org/jira/browse/ATLAS-2442 the access
> to the export API fails with ‘You are not authorized for CREATE on
> [OPERATION]’
>
> < HTTP/1.1 403 {"AuthorizationError":"You are not authorized for CREATE on
> [OPERATION] : *"}
>
> To me it looks like the export API is using a POST (no GET) and so Atlas
> rejects the same similar as we had with ATLAS-2442.
>
> Sample curl export command:
> curl -X POST -v -u "user:PW" -H "Content-Type: application/json" -H
> "Cache-Control: no-cache" -d '{
>     "itemsToExport": [
>         {
>          "typeName": "hive_db",
>          "uniqueAttributes": { "name": "mydb" },
>          "status": "ACTIVE"
>         }
>     ],
>     "options": {
>         "fetchType": "connected",
>         "matchType": "matches"
>     }
> }' "http://myatlas-server.com:21000/api/atlas/admin/export" -o output.txt
>
> Its my understanding that a ready only user should be able to export,
> isn’t it? Any thoughts?
>
> Regards,
> Tom
>
>