[ https://issues.apache.org/jira/browse/ATLAS-5326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18089798#comment-18089798 ]
ASF subversion and git services commented on ATLAS-5326:
--------------------------------------------------------
Commit 2e98a4db3523e5f4ad1ede3683bb288674d9955d in atlas's branch
refs/heads/atlas-5326-master from Radhika Kundam
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=2e98a4db3 ]
ATLAS-5326: Enforce Atlas authorization on AdminResource REST endpoints
> Enforce Atlas authorization on AdminResource REST endpoints
> -----------------------------------------------------------
>
> Key: ATLAS-5326
> URL: https://issues.apache.org/jira/browse/ATLAS-5326
> Project: Atlas
> Issue Type: Bug
> Reporter: Radhika Kundam
> Assignee: Radhika Kundam
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {{AdminResource}} exposes many administrative REST APIs under
> {{/api/atlas/admin}}. Several endpoints were added over time without
> calling {{AtlasAuthorizationUtils.verifyAccess()}}, so any authenticated
> user could invoke them without the appropriate Atlas admin or entity
> privilege.
> A smaller set of endpoints are intentionally operational or UI-facing and
> should remain accessible to any authenticated user (Spring Security
> authentication only), without an additional Atlas privilege check.
> Some endpoints already had {{verifyAccess()}} (export, import, audits). This
> work aligns the remaining sensitive endpoints with that pattern.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
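
The gap described in the issue (endpoints added without a `verifyAccess()` call, next to a small set left open on purpose) can be caught by a source audit. The following is an added example, not part of this notification or of the Atlas code base: the Java sample, its method names and the `open_by_design` allowlist are constructed for illustration.

```python
import re

# Constructed sample, NOT Atlas source: three JAX-RS style endpoints.
SAMPLE_JAVA = '''
@Path("admin")
public class SampleAdminResource {
    @GET
    @Path("status")
    public Response getStatus() { return Response.ok().build(); }

    @POST
    @Path("export")
    public Response export(Object request) {
        AtlasAuthorizationUtils.verifyAccess(/* access request */);
        return doExport(request);
    }

    @DELETE
    @Path("purge")
    public Response purge(Set<String> guids) {
        if (guids.isEmpty()) { return Response.noContent().build(); }
        return doPurge(guids);
    }
}
'''
CHECK = "AtlasAuthorizationUtils.verifyAccess("
# HTTP verb annotation, any further annotations, then a public method header.
# Simplification: parameters carrying their own annotations are not handled.
ENDPOINT = re.compile(r'@(GET|POST|PUT|DELETE)\b(?:\s*@\w+(?:\([^)]*\))?)*'
                      r'\s*public\s+[\w<>\[\], ]+?\s+(\w+)\s*\([^)]*\)[^{;]*\{')

def method_body(src, start):
    """Return the text between the opening brace before `start` and its match."""
    depth = 1
    for i in range(start, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return src[start:i]
    raise ValueError("unbalanced braces")

def audit(src, open_by_design=frozenset()):
    """Classify each endpoint: checked, open-by-design, or MISSING a check."""
    findings = []
    for m in ENDPOINT.finditer(src):
        verb, name = m.group(1), m.group(2)
        if CHECK in method_body(src, m.end()):
            status = "checked"
        else:
            status = "open-by-design" if name in open_by_design else "MISSING"
        findings.append((verb, name, status))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_JAVA, open_by_design={"getStatus"}):
        print(*row)
```

Keeping the allowlist explicit means a newly added endpoint fails the audit until someone either adds the check or records it as intentionally open.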