Colm,
Perhaps you are using the Atlas service-def from Ranger master, against Atlas
from branch-0.8 (or from master before ATLAS-2459)? Earlier Atlas versions use
a different authorization model, which don't allow access controls at
instance/type levels. Please try with Atlas from master branch.
Hope this helps.
Madhan
On 3/12/18, 11:16 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote:
Hi all,
I'm using the Ranger plugin to secure access to Atlas. How can I create a
policy in Ranger to allow a user access to a subset of the entities? So for
example, I want to allow "alice" to "read" all entities that have a given
type. I created an authorization policy of "type" "Table", but I get the
following error:
curl -u alice:password "http://localhost:21000/api/atlas/entities?type=Table
"
<title>Error 403 {"AuthorizationError":"You are not
authorized for READ on [ENTITY] : *"}</title>
How can I allow authorization for a subset of the entities? I guess I need
an authorization policy for "Entity" but it's not clear what values apart
from "*" are supported here?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
