[
https://issues.apache.org/jira/browse/ATLAS-5326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18089793#comment-18089793
]
ASF subversion and git services commented on ATLAS-5326:
--------------------------------------------------------
Commit a9a66906f76e514189b3a1f126794acc9bfe1943 in atlas's branch
refs/heads/atlas-5326 from Radhika Kundam
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=a9a66906f ]
ATLAS-5326: Enforce Atlas authorization on AdminResource REST endpoints
> Enforce Atlas authorization on AdminResource REST endpoints
> -----------------------------------------------------------
>
> Key: ATLAS-5326
> URL: https://issues.apache.org/jira/browse/ATLAS-5326
> Project: Atlas
> Issue Type: Bug
> Reporter: Radhika Kundam
> Assignee: Radhika Kundam
> Priority: Major
>
> {{AdminResource}} exposes many administrative REST APIs under
> {{/api/atlas/admin}}. Several endpoints were added over time without
> calling {{AtlasAuthorizationUtils.verifyAccess()}}, so any authenticated
> user could invoke them without the appropriate Atlas admin or entity
> privilege.
> A smaller set of endpoints are intentionally operational or UI-facing and
> should remain accessible to any authenticated user (Spring Security
> authentication only), without an additional Atlas privilege check.
> Some endpoints already had {{verifyAccess()}} (export, import, audits). This
> work aligns the remaining sensitive endpoints with that pattern.
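An added example, not part of the Jira message or the Atlas code base: a text-level audit that flags REST endpoint methods whose body never calls `verifyAccess()`, with an explicit allowlist for endpoints left open to any authenticated user by design. The Java sample is constructed, and `getUiSettings`, `resetCache` and the `verifyAccess` arguments in it are hypothetical.

```python
import re

# Constructed Java sample, not Atlas source. Only "export" is named on the page;
# getUiSettings and resetCache are hypothetical endpoints for illustration.
SAMPLE = '''
public class AdminResource {
    @GET @Path("export")
    public Response export() {
        AtlasAuthorizationUtils.verifyAccess(accessRequest, "export");
        return doExport();
    }
    @GET @Path("uisettings")
    public Response getUiSettings() {
        return Response.ok(settings).build();
    }
    @POST @Path("resetcache")
    public Response resetCache(Set<String> names) {
        if (names != null) { cache.evict(names); }
        return Response.ok().build();
    }
}
'''

HTTP_VERB = re.compile(r'@(GET|POST|PUT|DELETE)\b')
METHOD_SIG = re.compile(r'public\s+[\w<>\[\], ]+?\s+(\w+)\s*\([^)]*\)[^{;]*\{')

def method_body(src, open_idx):
    """Brace-balanced body from src[open_idx] == '{' (braces in strings not handled)."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx:i + 1]
    return src[open_idx:]

def audit(src, open_by_design):
    """Classify each annotated endpoint as checked, open-by-design or MISSING."""
    findings = []
    for verb in HTTP_VERB.finditer(src):
        sig = METHOD_SIG.search(src, verb.end())
        if sig is None:
            continue
        name, body = sig.group(1), method_body(src, sig.end() - 1)
        status = ('checked' if 'verifyAccess(' in body
                  else 'open-by-design' if name in open_by_design
                  else 'MISSING')
        findings.append((verb.group(1), name, status))
    return findings
```

Run as a build-time check, a `MISSING` result forces each new endpoint either to call `verifyAccess()` or to be added to the reviewed allowlist.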