[jira] [Commented] (ATLAS-3950) Read Type Auth : Classification, Business metadata , Entity types are able to have attributes of type which are not permissible to read

Tue, 29 Sep 2020 22:07:40 -0700 


    [ 
https://issues.apache.org/jira/browse/ATLAS-3950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17204465#comment-17204465
 ] 

ASF subversion and git services commented on ATLAS-3950:
--------------------------------------------------------

Commit d4a50aadfc2e7076d8e5281f9be60fad4c5c232d in atlas's branch 
refs/heads/master from chaitali borole
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=d4a50aa ]

ATLAS-3950 : Authorize for Read Type for Classification, Business metadata , 
Entity typesdef attributes.

Signed-off-by: nixonrodrigues <[email protected]>


> Read Type Auth : Classification, Business metadata , Entity types are able to 
> have attributes of type which are not permissible to read
> ---------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-3950
>                 URL: https://issues.apache.org/jira/browse/ATLAS-3950
>             Project: Atlas
>          Issue Type: Improvement
>    Affects Versions: 3.0.0
>            Reporter: chaitali borole
>            Assignee: chaitali borole
>            Priority: Major
>             Fix For: 3.0.0
>
>
> Steps to reproduce :-
> hrt_qa has :
> CRUD permissions on hive_table type
> CRUD permissions on all business_metadata type.
> hrt_qa creates a business metadata bm1
> hrt_qa is able to create an attribute for bm1 - say attrib1 which allows 
> Applicable types to be anything. UI displays only hive_table but through REST 
> , hrt_qa is able to add any type as Applicable type.
>  
> Same for classifications :
> hrt_qa has CRUD permissions on all classification types but read only for 
> hive_table entity type.
> Through REST , hrt_qa is able to add all types as entityTypes.
> Example REST call where allowed entity types are hive_table and hdfs_path :
>  
> {code:java}
> /api/atlas/v2/types/typedefs?type=classification
> { "classificationDefs":[
> { "name":"PII", "description":"PII", "superTypes":[ ], "attributeDefs":[ ], 
> "entityTypes":[ "hdfs_path", "hive_table" ], "category":"CLASSIFICATION", 
> "guid":"123456789" }
> ], "entityDefs":[
> ], "enumDefs":[
> ], "structDefs":[
> ]
>  }
>   
> {code}
>  
>  Call succeeds with 200 Ok.
>  
> For Entity type:
> Updating hive_table entity typedef with a new attribute of  type hdfs_path is 
> allowed.
>  
> Expected is , in all 3 cases of business metadata , classification and 
> entity, response to be authorization denied because hdfs_path type provided.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to