[ https://issues.apache.org/jira/browse/ATLAS-4170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sidharth Kumar Mishra updated ATLAS-4170:
-----------------------------------------
    Attachment: ATLAS-4170.patch

> v2/entity/bulk Entity GET API is able to read unauthorised entities too when 
> skipFailedEntities is passed as True
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-4170
>                 URL: https://issues.apache.org/jira/browse/ATLAS-4170
>             Project: Atlas
>          Issue Type: Bug
>            Reporter: Sidharth Kumar Mishra
>            Assignee: Sidharth Kumar Mishra
>            Priority: Major
>         Attachments: ATLAS-4170.patch
>
>
> As part of https://issues.apache.org/jira/browse/ATLAS-3855, 
> skipFailedEntities was introduced to ignore the entities where it fails to 
> read.
> When skipFailedEntities is not passed or is passed as 
> skipFailedEntities=False, then we get a 403 with the below error, as expected:
> {code:java}
> {
>   "errorCode": "ATLAS-403-00-001",
>   "errorMessage": "hrt is not authorized to perform read entity: guid=ad0f349c-1fe6-46f0-be6d-98ca2e754e1c"
> }
> {code}
> But when we pass skipFailedEntities=True, then the API is able to retrieve the 
> data for even those entities on which the user has explicit deny conditions. 
> Ideally, we should be ignoring these unauthorised entities and returning data 
> only for authorised ones. 
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
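
The behaviour the report asks for, as an added Java example that is neither Apache Atlas code nor the attached patch: the per-entity read check runs in both modes, and skipFailedEntities only changes whether a denial aborts the request or drops that entity from the result. The class, method names, guids and deny list are hypothetical and constructed for illustration.

```java
import java.util.*;

// Added illustration; all names here are hypothetical, not Apache Atlas APIs.
public class BulkReadAuthzExample {
    static class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String msg) { super(msg); }
    }

    // Constructed sample data: guid -> entity name, and a per-user deny list.
    static final Map<String, String> STORE = Map.of(
            "guid-allowed-1", "sales_table",
            "guid-denied-1", "payroll_table");
    static final Map<String, Set<String>> DENY = Map.of("hrt", Set.of("guid-denied-1"));

    static String loadEntity(String guid) {
        String entity = STORE.get(guid);
        if (entity == null) throw new NoSuchElementException("no entity for guid=" + guid);
        return entity;
    }

    static void verifyRead(String user, String guid) {
        if (DENY.getOrDefault(user, Set.of()).contains(guid)) {
            throw new AccessDeniedException(
                    user + " is not authorized to perform read entity: guid=" + guid);
        }
    }

    // Authorization is checked for every guid regardless of the flag.
    static Map<String, String> getByGuids(String user, List<String> guids, boolean skipFailedEntities) {
        Map<String, String> result = new LinkedHashMap<>();
        for (String guid : guids) {
            try {
                String entity = loadEntity(guid);
                verifyRead(user, guid);      // must not be bypassed when skipping failures
                result.put(guid, entity);    // reached only for authorised, existing entities
            } catch (AccessDeniedException | NoSuchElementException e) {
                if (!skipFailedEntities) throw e;  // strict mode: fail the whole request
                // lenient mode: omit this entity and continue with the rest
            }
        }
        return result;
    }

    public static void main(String[] args) {
        List<String> guids = List.of("guid-allowed-1", "guid-denied-1", "guid-missing");
        System.out.println("skipFailedEntities=true  -> " + getByGuids("hrt", guids, true));
        try {
            getByGuids("hrt", guids, false);
        } catch (AccessDeniedException e) {
            System.out.println("skipFailedEntities=false -> 403: " + e.getMessage());
        }
    }
}
```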
