Radhika Kundam created ATLAS-5326:
-------------------------------------
Summary: Enforce Atlas authorization on AdminResource REST endpoints
Key: ATLAS-5326
URL: https://issues.apache.org/jira/browse/ATLAS-5326
Project: Atlas
Issue Type: Bug
Reporter: Radhika Kundam
Assignee: Radhika Kundam

{{AdminResource}} exposes many administrative REST APIs under
{{/api/atlas/admin}}. Several endpoints were added over time without
calling {{AtlasAuthorizationUtils.verifyAccess()}}, so any authenticated
user could invoke them without the appropriate Atlas admin or entity privilege.
A smaller set of endpoints are intentionally operational or UI-facing and
should remain accessible to any authenticated user (Spring Security
authentication only), without an additional Atlas privilege check.
Some endpoints already had {{verifyAccess()}} (export, import, audits). This
work aligns the remaining sensitive endpoints with that pattern.
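
A static check in the spirit of this issue, added here as an example and not taken from the Atlas code base: it scans Java source for JAX-RS endpoint methods whose bodies never call verifyAccess(), with an allowlist for the endpoints meant to stay open to any authenticated user. The Java sample and the names getStatus, cleanup and accessRequest are constructed; the scan is a text heuristic, so it misses checks delegated to helper methods.

```python
import re

# Constructed sample, not Atlas source; "status" and "cleanup" are hypothetical endpoints.
SAMPLE_JAVA = '''
@Path("admin")
public class AdminResource {
    @GET
    @Path("status")
    public Response getStatus() { return Response.ok(status).build(); }

    @POST
    @Path("export")
    public Response export(AtlasExportRequest request) throws AtlasBaseException {
        AtlasAuthorizationUtils.verifyAccess(accessRequest, "export");
        return doExport(request);
    }
    @DELETE
    @Path("cleanup")
    public Response cleanup(@QueryParam("type") String type) {
        if (type != null) { doCleanup(type); }
        return Response.ok().build();
    }
}
'''

HTTP_VERB = re.compile(r'@(GET|POST|PUT|DELETE|PATCH)\b')
# Method header up to its opening brace; the tail absorbs annotated params and "throws".
METHOD_SIG = re.compile(r'\bpublic\s+[\w<>\[\],.? ]+\s+(\w+)\s*\([^{;]*\{')

def method_body(src, open_idx):
    """Text between the '{' at open_idx and its matching '}' (braces in strings/comments not handled)."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]

def unguarded_endpoints(src, open_to_authenticated=frozenset()):
    """List (verb, method) pairs whose body never calls verifyAccess() and is not allowlisted."""
    findings = []
    for verb in HTTP_VERB.finditer(src):
        sig = METHOD_SIG.search(src, verb.end())
        if sig is None:
            continue
        body = method_body(src, sig.end() - 1)
        if 'verifyAccess(' not in body and sig.group(1) not in open_to_authenticated:
            findings.append((verb.group(1), sig.group(1)))
    return findings
```

Run against a resource class in CI, a non-empty result means a new endpoint was added without either an explicit privilege check or an explicit allowlist entry.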