Alberto Romero created ATLAS-2784:
-------------------------------------
Summary: Wildcards not supported for authorization granularity in Ranger policies
Key: ATLAS-2784
URL: https://issues.apache.org/jira/browse/ATLAS-2784
Project: Atlas
Issue Type: Improvement
Components: atlas-core
Affects Versions: 0.8.2
Reporter: Alberto Romero

Creating Ranger policies for Atlas resources (such as entities, types, terms,
taxonomies) does not allow for actual multitenancy or segregation of
permissions due to policies ignoring wildcards (*). For example, one cannot
define a policy for type "user_*" to allow users or groups of users to create,
read or update only types that start with the string "user_".

The problem is that Atlas throws a 403 error "You are not authorized for READ
on [ENTITY] : *" even when trying to read a specific entity that would match
the pattern that contains the wildcard. In the UI it is exactly the same. The
expected behaviour would be for the user to only be able to see entities,
terms, etc. that match the pattern, but the fact is that it complains about not
being able to READ on [ENTITY] : *. The '*' in the error is the clue there:
it is actually expecting access to everything.

It is only when we add the users to a policy that gives them access to '*' that
it works for them.
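A minimal model of the symptom in the report above, added here as an illustration and not taken from Atlas or Ranger code: it contrasts an access check issued against the literal resource `*` (as the quoted 403 text suggests) with one issued against the concrete name. Every class, function, policy and entity name is constructed for the example, and only `*` is treated as a wildcard.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Constructed stand-in for a policy: who may do what on which name pattern."""
    users: frozenset
    actions: frozenset
    pattern: str  # may contain '*', e.g. "user_*"


def covers(pattern, resource):
    """True if the policy pattern covers the requested name ('*' is the only wildcard)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, resource) is not None


def is_allowed(policies, user, action, resource):
    """Allow if any policy lists the user and action and its pattern covers the resource."""
    return any(
        user in p.users and action in p.actions and covers(p.pattern, resource)
        for p in policies
    )


def read_entity_reported(policies, user, type_name):
    """Symptom from the report: the check is made on '*' and type_name is ignored,
    so only a policy whose pattern is '*' can satisfy it."""
    return is_allowed(policies, user, "READ", "*")


def read_entity_expected(policies, user, type_name):
    """Expected behaviour: authorize against the concrete name being read."""
    return is_allowed(policies, user, "READ", type_name)


def visible(policies, user, names):
    """Filter a listing down to the names the user's policies cover."""
    return [n for n in names if read_entity_expected(policies, user, n)]


# Constructed sample data: a tenant-scoped policy, then the same plus a '*' grant.
TENANT = [Policy(frozenset({"alice"}), frozenset({"CREATE", "READ", "UPDATE"}), "user_*")]
EVERYTHING = TENANT + [Policy(frozenset({"alice"}), frozenset({"READ"}), "*")]
NAMES = ["user_profile", "user_orders", "finance_ledger", "users"]
```

In this model the tenant-scoped policy is denied by `read_entity_reported` and only the added `*` grant lets the read through, which then also exposes `finance_ledger`; a regression test for a fix would assert the `read_entity_expected` results instead.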