Colm,

Authorizations are in place for the following operations on entity:
 - create/update/delete/get
 - add/update/remove of classifications

Requirements on filtering of search results based on authorizations need to be
discussed further. If you have use cases, can you please file an Atlas JIRA?

Madhan



On 3/15/18, 6:19 AM, "Colm O hEigeartaigh" <[email protected]> wrote:

    I was able to get past the problems in the previous mail. I'm trying to use
    the v2 API but authorization doesn't seem to kick in:
    
    curl -v -u username:password http://localhost:21000/api/atlas/v2/search/basic?typeName=hdfs_path
    
    This call succeeds without the Ranger plugin being called. In
    'conf/application.properties' I have "atlas.authorizer.impl = RANGER" and
    there are no obvious errors in the logs. Is the Atlas authorization
    framework integrated with the newer REST API yet?
    
    Colm.
    
    On Tue, Mar 13, 2018 at 5:49 PM, Colm O hEigeartaigh <[email protected]>
    wrote:
    
    > Thanks Madhan. Just to clarify - ATLAS-2459 is not yet applied, so do I
    > have to apply this manually to get this to work?
    >
    > When trying to install the current Ranger 1.1.0-SNAPSHOT plugin with the
    > latest Atlas SNAPSHOT distribution I see an error in application.log:
    >
    > java.lang.NoClassDefFoundError: org/codehaus/jackson/jaxrs/JacksonJsonProvider
    >     at org.apache.ranger.plugin.util.RangerRESTClient.buildClient(RangerRESTClient.java:209)
    >
    > I'm wondering if there is a conflict between the jackson-jaxrs-1.9.13.jar
    > in the Atlas plugin lib and the version of Jackson used in Atlas?
    >
    > Colm.
    >
    > On Mon, Mar 12, 2018 at 9:14 PM, Madhan Neethiraj <[email protected]>
    > wrote:
    >
    >> Colm,
    >>
    >> Perhaps you are using the Atlas service-def from Ranger master, against
    >> Atlas from branch-0.8 (or from master before ATLAS-2459)? Earlier Atlas
    >> versions use a different authorization model, which doesn't allow access
    >> controls at instance/type levels. Please try with Atlas from master branch.
    >>
    >> Hope this helps.
    >>
    >> Madhan
    >>
    >>
    >>
    >>
    >> On 3/12/18, 11:16 AM, "Colm O hEigeartaigh" <[email protected]> wrote:
    >>
    >>     Hi all,
    >>
    >>     I'm using the Ranger plugin to secure access to Atlas. How can I create a
    >>     policy in Ranger to allow a user access to a subset of the entities? So for
    >>     example, I want to allow "alice" to "read" all entities that have a given
    >>     type. I created an authorization policy of "type" "Table", but I get the
    >>     following error:
    >>
    >>     curl -u alice:password "http://localhost:21000/api/atlas/entities?type=Table"
    >>     <title>Error 403 {&quot;AuthorizationError&quot;:&quot;You are not
    >>     authorized for READ on [ENTITY] : *&quot;}</title>
    >>
    >>     How can I allow authorization for a subset of the entities? I guess I need
    >>     an authorization policy for "Entity" but it's not clear what values apart
    >>     from "*" are supported here?
    >>
    >>     Colm.
    >>
    >>
    >>     --
    >>     Colm O hEigeartaigh
    >>
    >>     Talend Community Coder
    >>     http://coders.talend.com
    >>
    >>
    >>
    >>
    >
    >
    > --
    > Colm O hEigeartaigh
    >
    > Talend Community Coder
    > http://coders.talend.com
    >
    
    
    
    -- 
    Colm O hEigeartaigh
    
    Talend Community Coder
    http://coders.talend.com
    

