[ https://issues.apache.org/jira/browse/ATLAS-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nixon Rodrigues updated ATLAS-2009: ----------------------------------- Attachment: ATLAS-2009.patch This patch includes fix in AtlasAuthrozation filter to return the unauthorized request which were landing directly to rest layer even though the error code 403 was set. [~apoorvnaik] Please review the fix. cc:[~madhan.neethiraj] > Any non-admin user in users-credentials.properties is able to access > /api/atlas/admin path > ------------------------------------------------------------------------------------------ > > Key: ATLAS-2009 > URL: https://issues.apache.org/jira/browse/ATLAS-2009 > Project: Atlas > Issue Type: Bug > Components: atlas-core > Reporter: Sharmadha Sainath > Priority: Critical > Attachments: ATLAS-2009.patch > > > Any non-admin user (ex: rangertagsync) specified in > conf/users-credentials.properties is able to access the /api/atlas/admin > path. Is this expected ? > One of the use cases is Export and Import API's ,which should be permitted > only by admin user to be executed. But any user is able to execute it. -- This message was sent by Atlassian JIRA (v6.4.14#64029)