You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@atlas.apache.org by "Nixon Rodrigues (JIRA)" <ji...@apache.org> on 2017/04/25 13:10:04 UTC

[jira] [Created] (ATLAS-1752) Atlas Group mapping for ranger doesn't work if using kerberos authentication

Nixon Rodrigues created ATLAS-1752:
--------------------------------------

             Summary: Atlas Group mapping for ranger doesn't work if using kerberos authentication
                 Key: ATLAS-1752
                 URL: https://issues.apache.org/jira/browse/ATLAS-1752
             Project: Atlas
          Issue Type: Bug
    Affects Versions: 0.8-incubating
         Environment: secure
            Reporter: Nixon Rodrigues
            Assignee: Nixon Rodrigues
             Fix For: 0.8-incubating, 0.9-incubating


{code}
[DI50253@devbir1en3l ~]$ curl --negotiate -u : -X GET "http://devbir1on5l:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f" 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> 
<title>Error 403 {&quot;AuthorizationError&quot;:&quot;You are not authorized for READ on [ENTITY] : *&quot;}</title> 
</head> 
<body><h2>HTTP ERROR 403</h2> 
<p>Problem accessing /api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f. Reason: 
<pre> {&quot;AuthorizationError&quot;:&quot;You are not authorized for READ on [ENTITY] : *&quot;}</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> 

</body> 
</html> 

I checked ID of the user and they belong to the group that is in ranger.

If he uses ldap authentication then it group mapping works

[DI50253@devbir1en3l ~]$ curl -u DI50253:xxxxxxxx -X GET "http://devbir1on5l:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f" 
{"requestId":"qtp1641313620-23 - \/api\/atlas\/entities\/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f - 3f71704c-75e4-40dc-9796-4827e5997ea6","definition":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Reference","id":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Id","id":"7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f","version":0,"typeName":"hive_db","state":"ACTIVE"},"typeName":"hive_db","values":{"name":"dz_1_disc","location":"hdfs:\/\/devbir1\/data\/discovery\/dz_1\/disc","description":null,"ownerType":{"value":"USER","ordinal":1},"qualifiedName":"dz_1_disc@devbir1","owner":"hive","clusterName":"devbir1","parameters":null},"traitNames":[],"traits":{}}} 
{code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)