You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Nixon Rodrigues (JIRA)" <ji...@apache.org> on 2018/04/11 19:13:00 UTC

[jira] [Created] (RANGER-2065) Entity is readable even if there is no entity-read-classification permission.

Nixon Rodrigues created RANGER-2065:
---------------------------------------

             Summary: Entity is readable even if there is no entity-read-classification permission.
                 Key: RANGER-2065
                 URL: https://issues.apache.org/jira/browse/RANGER-2065
             Project: Ranger
          Issue Type: Bug
          Components: plugins
            Reporter: Nixon Rodrigues
            Assignee: Nixon Rodrigues
             Fix For: 1.1.0


Scenario:
1) create entity and tag, 
2) associate that entity to tag.
3) user1 does not have read classification but read entity.

Make a rest call to read classification details in the entity it fails as expected:
{code:java}
{
"errorCode": "ATLAS-403-00-001",
"errorMessage": "admin is not authorized to perform get classifications: guid=d11fd3de-d99d-4e3f-b489-4c0f97651f7d"
}
{code}
but when we login to UI and open the entity we are able to see classification details despite of having no read classification permission which is same information as what was denied in rest call.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)