----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72601/#review221031 -----------------------------------------------------------
webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java Line 808 (original), 811 (patched) <https://reviews.apache.org/r/72601/#comment309813> consider replacing 811 and 812 with: entitiesStore.getHeaderById(guid); this internally checks for authorization. - Sarath Subramanian On June 17, 2020, 7:48 a.m., chaitali wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72601/ > ----------------------------------------------------------- > > (Updated June 17, 2020, 7:48 a.m.) > > > Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, > and Sarath Subramanian. > > > Bugs: ATLAS-3845 > https://issues.apache.org/jira/browse/ATLAS-3845 > > > Repository: atlas > > > Description > ------- > > Audit api was returning all entities details even after blocking the rights > for read entity in Ranger policy-This patch handles the issue by adding > verify access check. > > > Diffs > ----- > > webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b1055605f > > > Diff: https://reviews.apache.org/r/72601/diff/1/ > > > Testing > ------- > > Tested by adding deny policy for read/create entity in Ranger > > > Thanks, > > chaitali > >
