[
https://issues.apache.org/jira/browse/ATLAS-2908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16655801#comment-16655801
]
Saravanan Elumalai commented on ATLAS-2908:
-------------------------------------------
[~nixonrodrigues] Thanks for your response but still it doesn't address the
issue. Let me explain the issue better.
We are using KnoxSSO for authentication with Google OAuth (restricted to a
particular domain) and we have an Active Directory setup for authorization and
group mapping. Atlas is configured to allow only users in a particular group.
When a user logins through OAuth and if the user is available in Active
Directory, access is restricted based on the policy in
conf/atlas-simple-authz-policy.json.
When a user logins through OAuth and if the user is not available in Active
Directory, he is not part of any group so ideally, he should not be able to
perform any operation in Atlas. In Atlas 1.0 the user is not able to view
classification or glossary but he is able to perform search. When the user
clicks the link in search result 'Access Denied' error message is shown. is
this expected behavior?
> Restrict search based on authorization
> --------------------------------------
>
> Key: ATLAS-2908
> URL: https://issues.apache.org/jira/browse/ATLAS-2908
> Project: Atlas
> Issue Type: Improvement
> Affects Versions: 1.0.0
> Reporter: Saravanan Elumalai
> Priority: Major
>
> We are using KnoxSSO for login and *Simple-Authoriser* to restrict access
> based on *groupRoles* mapping. When an user is not part of any group he is
> not able to view the entities or classifications but he is able to perform
> search.
> How to restrict search if the user is not part of any group?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
