[ https://issues.apache.org/jira/browse/ATLAS-2978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16698896#comment-16698896 ]
Nixon Rodrigues edited comment on ATLAS-2978 at 11/26/18 1:10 PM: ------------------------------------------------------------------ [~abhi63269] Thanks for providing inputs. Found {{atlas.authorizer.simple.authz.policy.file}} property commented in atlas-application.propertes file provided, if the proper file path is provided then file from classpath is picked which may not have the custom role you defined. I tried the CUSTOM_ROLE_FRIEND role defined for user tushar. Type permission is defined for typesName = .*@_tushar. Atlas does not support type type name with @ . With below role, User *tushar* could search and view entities with qualifiedName **@_tushar* for entiy_type **tushar*, HTH, if you still face the issue, please add the custom typedef with name *tushar for investigation. {noformat} "CUSTOM_ROLE_FRIEND":{ "entityPermissions": [ { "privileges": [ "entity-read", "entity-create" ], "entityTypes": [ ".*" ], "entityIds": [ ".*@_tushar" ], "classifications": [ ".*" ] } ], "typePermissions": [ { "privileges": [ "type-read","type-create" ], "typeCategories": [ ".*" ], "typeNames": [ ".*tushar" ] } ] }{noformat} !Screen Shot 2018-11-26 at 6.20.27 PM.png! was (Author: nixonrodrigues): [~abhi63269] Thanks for providing inputs. Found {{atlas.authorizer.simple.authz.policy.file}} property commented in atlas-application.propertes file provided, if the proper file path is provided then file from classpath is picked which may not have the custom role you defined. I tried the CUSTOM_ROLE_FRIEND role defined for user tushar. Type permission is defined for typesName = .*@_tushar. Atlas does not support type type name with @ . With below role, User *tushar* could search and view entities with qualifiedName **@_tushar* for entiy_type **tushar*, {noformat} "CUSTOM_ROLE_FRIEND":{ "entityPermissions": [ { "privileges": [ "entity-read", "entity-create" ], "entityTypes": [ ".*" ], "entityIds": [ ".*@_tushar" ], "classifications": [ ".*" ] } ], "typePermissions": [ { "privileges": [ "type-read","type-create" ], "typeCategories": [ ".*" ], "typeNames": [ ".*tushar" ] } ] }{noformat} !Screen Shot 2018-11-26 at 6.20.27 PM.png! > User Authorization is not working as expected > --------------------------------------------- > > Key: ATLAS-2978 > URL: https://issues.apache.org/jira/browse/ATLAS-2978 > Project: Atlas > Issue Type: Bug > Components: atlas-core, atlas-webui > Affects Versions: 1.1.0 > Environment: OS - Ubuntu 16.04 > 64 bit > Reporter: Abhishek Sharma > Priority: Critical > Labels: atlas, authorization > Attachments: Screen Shot 2018-11-26 at 6.20.27 PM.png, > atlas-application.properties, atlas-simple-authz-policy.json, > users-credentials.properties > > > Hello > I am facing 2 issues. > _*1)*_ I was trying to use the simple authorization model provided by atlas > I have made my custom Role with user as 'abhishek' linked to a custom group > and tried to modify atlas-simple-authz-policy.json as per the correct syntax. > presented in the official documentation.Additionally,I also tried to create > another custom role for other user 'tushar' linked to a different group. > Whenever I try to login I get the following error as mentioned below - > _*2018-11-23 11:04:56,486 ERROR - [pool-1-thread-7 - > 1bac333e-78ce-46b7-a7d2-ccc2f62e67ee:] ~ graph rollback due to exception > AtlasBaseException:Instance __AtlasUserProfile with unique attribute > \{name=abhishek} does not exist (GraphTransactionInterceptor:156)*_ > _*The same error comes in log file even if I successfully login through other > user accounts.*_ > Although above error persists but login is successful > _*2)*_ I am successfully able to login with different user accounts that I > mentioned in users-credentials.properties file.However,the custom type that I > created from one account (say** > abhishek) are reflected/shown while logging in from different user > accounts(say tushar). > Why authorization is not working as expected ? > Kindly suggest for the same. > Thanks in Advance > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)