You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@atlas.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/09/30 05:07:00 UTC

[jira] [Commented] (ATLAS-3950) Read Type Auth : Classification, Business metadata , Entity types are able to have attributes of type which are not permissible to read

    [ https://issues.apache.org/jira/browse/ATLAS-3950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17204465#comment-17204465 ] 

ASF subversion and git services commented on ATLAS-3950:
--------------------------------------------------------

Commit d4a50aadfc2e7076d8e5281f9be60fad4c5c232d in atlas's branch refs/heads/master from chaitali borole
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=d4a50aa ]

ATLAS-3950 : Authorize for Read Type for Classification, Business metadata , Entity typesdef attributes.

Signed-off-by: nixonrodrigues <ni...@apache.org>


> Read Type Auth : Classification, Business metadata , Entity types are able to have attributes of type which are not permissible to read
> ---------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-3950
>                 URL: https://issues.apache.org/jira/browse/ATLAS-3950
>             Project: Atlas
>          Issue Type: Improvement
>    Affects Versions: 3.0.0
>            Reporter: chaitali borole
>            Assignee: chaitali borole
>            Priority: Major
>             Fix For: 3.0.0
>
>
> Steps to reproduce :-
> hrt_qa has :
> CRUD permissions on hive_table type
> CRUD permissions on all business_metadata type.
> hrt_qa creates a business metadata bm1
> hrt_qa is able to create an attribute for bm1 - say attrib1 which allows Applicable types to be anything. UI displays only hive_table but through REST , hrt_qa is able to add any type as Applicable type.
>  
> Same for classifications :
> hrt_qa has CRUD permissions on all classification types but read only for hive_table entity type.
> Through REST , hrt_qa is able to add all types as entityTypes.
> Example REST call where allowed entity types are hive_table and hdfs_path :
>  
> {code:java}
> /api/atlas/v2/types/typedefs?type=classification
> { "classificationDefs":[
> { "name":"PII", "description":"PII", "superTypes":[ ], "attributeDefs":[ ], "entityTypes":[ "hdfs_path", "hive_table" ], "category":"CLASSIFICATION", "guid":"123456789" }
> ], "entityDefs":[
> ], "enumDefs":[
> ], "structDefs":[
> ]
>  }
>   
> {code}
>  
>  Call succeeds with 200 Ok.
>  
> For Entity type:
> Updating hive_table entity typedef with a new attribute of  type hdfs_path is allowed.
>  
> Expected is , in all 3 cases of business metadata , classification and entity, response to be authorization denied because hdfs_path type provided.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)