Colm, Perhaps you are using the Atlas service-def from Ranger master, against Atlas from branch-0.8 (or from master before ATLAS-2459)? Earlier Atlas versions use a different authorization model, which don't allow access controls at instance/type levels. Please try with Atlas from master branch.
Hope this helps. Madhan On 3/12/18, 11:16 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote: Hi all, I'm using the Ranger plugin to secure access to Atlas. How can I create a policy in Ranger to allow a user access to a subset of the entities? So for example, I want to allow "alice" to "read" all entities that have a given type. I created an authorization policy of "type" "Table", but I get the following error: curl -u alice:password "http://localhost:21000/api/atlas/entities?type=Table " <title>Error 403 {"AuthorizationError":"You are not authorized for READ on [ENTITY] : *"}</title> How can I allow authorization for a subset of the entities? I guess I need an authorization policy for "Entity" but it's not clear what values apart from "*" are supported here? Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com