[
https://issues.apache.org/jira/browse/ATLAS-3755?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bolke de Bruin updated ATLAS-3755:
----------------------------------
Description:
Atlas does not operate in a isolated environment, this is one of the reasons
the "homeId" system attribute was introduced. Unfortunately system attributes
can only be updated when importing. This means any integration with other
services is significantly limited (Kafka, Rest API will not work). (See also
ATLAS-3754)
To resolve this I propose to make it possible to update the system attributes
when policy allows it. This introduces new
AtlasPrivilege.ENTITY_UPDATE_SYSTEM_ATTRIBUTE and
AtlasPrivilege.ENTITY_CREATE_SYSTEM_ATTRIBUTE next to
AtlasPrivilege.ENTITY_UPDATE_ATTRIBUTE and
AtlasPrivilege.ENTITY_CREATE_ATTRIBUTE rather than just checking on the entity
level. In certain places we will then drop the requirement for an import to be
active as this can now happen through other channels as well.
This allows operators to specify policies that allow granular controls over
attributes and system attributes.
was:
Atlas does not operate in a isolated environment, this is one of the reasons
the "homeId" system attribute was introduced. Unfortunately system attributes
can only be updated when importing. This means any integration with other
services is significantly limited (Kafka, Rest API will not work). (See also
ATLAS-3754)
To resolve this I propose to make it possible to update the system attributes
when `homeId` is present in the entity update. An access check should then
verify whether such an update can happen if a `homeId` is present.
> Allow system attributes to be updated when policy allows
> --------------------------------------------------------
>
> Key: ATLAS-3755
> URL: https://issues.apache.org/jira/browse/ATLAS-3755
> Project: Atlas
> Issue Type: Improvement
> Components: atlas-core
> Affects Versions: 2.0.0, 2.1.0
> Reporter: Bolke de Bruin
> Assignee: Bolke de Bruin
> Priority: Critical
>
> Atlas does not operate in a isolated environment, this is one of the reasons
> the "homeId" system attribute was introduced. Unfortunately system attributes
> can only be updated when importing. This means any integration with other
> services is significantly limited (Kafka, Rest API will not work). (See also
> ATLAS-3754)
> To resolve this I propose to make it possible to update the system attributes
> when policy allows it. This introduces new
> AtlasPrivilege.ENTITY_UPDATE_SYSTEM_ATTRIBUTE and
> AtlasPrivilege.ENTITY_CREATE_SYSTEM_ATTRIBUTE next to
> AtlasPrivilege.ENTITY_UPDATE_ATTRIBUTE and
> AtlasPrivilege.ENTITY_CREATE_ATTRIBUTE rather than just checking on the
> entity level. In certain places we will then drop the requirement for an
> import to be active as this can now happen through other channels as well.
> This allows operators to specify policies that allow granular controls over
> attributes and system attributes.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
