[ https://issues.apache.org/jira/browse/RANGER-2065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nixon Rodrigues updated RANGER-2065:
------------------------------------
    Attachment: RANGER-2065.patch

> Entity is readable even if there is no entity-read-classification permission.
> -----------------------------------------------------------------------------
>
>                 Key: RANGER-2065
>                 URL: https://issues.apache.org/jira/browse/RANGER-2065
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: Nixon Rodrigues
>            Assignee: Nixon Rodrigues
>            Priority: Major
>             Fix For: 1.1.0
>
>         Attachments: RANGER-2065.patch
>
>
> Scenario:
> 1) create entity and tag, 
> 2) associate that entity to tag.
> 3) user1 does not have read classification but has read entity.
> Make a REST call to read classification details in the entity; it fails as 
> expected:
> {code:java}
> {
> "errorCode": "ATLAS-403-00-001",
> "errorMessage": "admin is not authorized to perform get classifications: guid=d11fd3de-d99d-4e3f-b489-4c0f97651f7d"
> }
> {code}
> but when we log in to the UI and open the entity we are able to see classification 
> details despite having no read classification permission, which is the same 
> information as what was denied in the REST call.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
