[
https://issues.apache.org/jira/browse/ATLAS-1752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nixon Rodrigues updated ATLAS-1752:
-----------------------------------
Description:
{code}
[XXXXX@XXXXX ~]$ curl --negotiate -u : -X GET
"http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f";
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 403 {"AuthorizationError":"You are not authorized
for READ on [ENTITY] : *"}</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f.
Reason:
<pre> {"AuthorizationError":"You are not authorized for READ on
[ENTITY] : *"}</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
</body>
</html>
I checked ID of the user and they belong to the group that is in ranger.
If he uses ldap authentication then it group mapping works
[XXXX@XXXXX ~]$ curl -u XXXX:xxxxxxxx -X GET
"http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f";
{"requestId":"qtp1641313620-23 -
\/api\/atlas\/entities\/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f -
3f71704c-75e4-40dc-9796-4827e5997ea6","definition":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Reference","id":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Id","id":"7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f","version":0,"typeName":"hive_db","state":"ACTIVE"},"typeName":"hive_db","values":{"name":"dz_1_disc","location":"hdfs:\/\/devbir1\/data\/discovery\/dz_1\/disc","description":null,"ownerType":{"value":"USER","ordinal":1},"qualifiedName":"XXXX@domain","owner":"hive","clusterName":"xxxxx","parameters":null},"traitNames":[],"traits":{}}}
{code}
was:
{code}
[XXXXX@XXXXX ~]$ curl --negotiate -u : -X GET
"http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f";
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 403 {"AuthorizationError":"You are not authorized
for READ on [ENTITY] : *"}</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f.
Reason:
<pre> {"AuthorizationError":"You are not authorized for READ on
[ENTITY] : *"}</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>
</body>
</html>
I checked ID of the user and they belong to the group that is in ranger.
If he uses ldap authentication then it group mapping works
[XXXX@XXXXX ~]$ curl -u XXXX:xxxxxxxx -X GET
"http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f";
{"requestId":"qtp1641313620-23 -
\/api\/atlas\/entities\/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f -
3f71704c-75e4-40dc-9796-4827e5997ea6","definition":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Reference","id":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Id","id":"7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f","version":0,"typeName":"hive_db","state":"ACTIVE"},"typeName":"hive_db","values":{"name":"dz_1_disc","location":"hdfs:\/\/devbir1\/data\/discovery\/dz_1\/disc","description":null,"ownerType":{"value":"USER","ordinal":1},"qualifiedName":"XXXX@domain","owner":"hive","clusterName":"devbir1","parameters":null},"traitNames":[],"traits":{}}}
{code}
> Atlas Group mapping for ranger doesn't work if using kerberos authentication
> ----------------------------------------------------------------------------
>
> Key: ATLAS-1752
> URL: https://issues.apache.org/jira/browse/ATLAS-1752
> Project: Atlas
> Issue Type: Bug
> Affects Versions: 0.8-incubating
> Environment: secure
> Reporter: Nixon Rodrigues
> Assignee: Nixon Rodrigues
> Fix For: 0.9-incubating, 0.8.1-incubating
>
> Attachments: ATLAS-1752.patch
>
>
> {code}
> [XXXXX@XXXXX ~]$ curl --negotiate -u : -X GET
> "http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f";
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
> <title>Error 403 {"AuthorizationError":"You are not authorized
> for READ on [ENTITY] : *"}</title>
> </head>
> <body><h2>HTTP ERROR 403</h2>
> <p>Problem accessing
> /api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f. Reason:
> <pre> {"AuthorizationError":"You are not authorized for READ
> on [ENTITY] : *"}</pre></p><hr><i><small>Powered by
> Jetty://</small></i><hr/>
> </body>
> </html>
> I checked ID of the user and they belong to the group that is in ranger.
> If he uses ldap authentication then it group mapping works
> [XXXX@XXXXX ~]$ curl -u XXXX:xxxxxxxx -X GET
> "http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f";
>
> {"requestId":"qtp1641313620-23 -
> \/api\/atlas\/entities\/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f -
> 3f71704c-75e4-40dc-9796-4827e5997ea6","definition":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Reference","id":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Id","id":"7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f","version":0,"typeName":"hive_db","state":"ACTIVE"},"typeName":"hive_db","values":{"name":"dz_1_disc","location":"hdfs:\/\/devbir1\/data\/discovery\/dz_1\/disc","description":null,"ownerType":{"value":"USER","ordinal":1},"qualifiedName":"XXXX@domain","owner":"hive","clusterName":"xxxxx","parameters":null},"traitNames":[],"traits":{}}}
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
