[jira] [Commented] (ATLAS-497) Simple Authorization

[Hemanth Yamijala (JIRA)]

    [ 
https://issues.apache.org/jira/browse/ATLAS-497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15266146#comment-15266146
 ] 

Hemanth Yamijala commented on ATLAS-497:
----------------------------------------

Thanks for your response [~saqeeb.s]

Regarding merging updates / creates - will try to help provide a response on 
this after discussion with other as well. OK with taking this as another JIRA.

Regarding the issue of multiple resource types, in 
SimpleAtlasAuthorizer.checkAccess, I am assuming it is this code checking for 
access of multiple resource types:
{code}
        boolean result = true;
        Map<AtlasResourceTypes, List<String>> rescMap = map.get(accessor);
        if (rescMap != null) {
            for (AtlasResourceTypes resourceType : resourceTypes) {
                List<String> accessList = rescMap.get(resourceType);
                if (isDebugEnabled) {
                    LOG.debug("\nChecking for resource : " + resource + " in 
list : " + accessList + "\n");
                }
                if (accessList != null) {
                    result = result && isMatch(resource, accessList);
                }

                if (result == true) {
                    return result;
                }
            }
        }
{code}

If yes, say of the two resource types, the first allows access, but the second 
doesn't. Doesn't the code then return true just based on the first one's 
response (because result is initialized to true). That's the reason why I 
thought we aren't checking for all resource types - can you pl. clarify?

Other responses are fine.

> Simple Authorization
> --------------------
>
>                 Key: ATLAS-497
>                 URL: https://issues.apache.org/jira/browse/ATLAS-497
>             Project: Atlas
>          Issue Type: New Feature
>    Affects Versions: 0.7-incubating
>            Reporter: Erik Bergenholtz
>            Assignee: Saqeeb Shaikh
>             Fix For: 0.7-incubating
>
>         Attachments: ATLAS-497.1.patch, ATLAS-497.2.patch, ATLAS-497.patch
>
>
> Atlas needs to support a simple (out of box) authorization mechanism.
> Defined Roles:
> - Data Scientist: provides a read only view (GET)
> - Data Steward: provides a read/edit view (PUT, POST, DELETE)
> - Admin (can do anything)
> All can comment on entity
> Requirements
> - Atlas will implement a simple file based store for providing user to role 
> mapping
> - The out of box experience will be this file based mechanism for 
> authorization



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)