[
https://issues.apache.org/jira/browse/RANGER-2065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nixon Rodrigues updated RANGER-2065:
------------------------------------
Attachment: RANGER-2065.1.patch
> Entity is readable even if there is no entity-read-classification permission.
> -----------------------------------------------------------------------------
>
> Key: RANGER-2065
> URL: https://issues.apache.org/jira/browse/RANGER-2065
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Nixon Rodrigues
> Assignee: Nixon Rodrigues
> Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2065.1.patch, RANGER-2065.patch
>
>
> Scenario:
> 1) create entity and tag,
> 2) associate that entity to tag.
> 3) user1 does not have read classification but read entity.
> Make a rest call to read classification details in the entity it fails as
> expected:
> {code:java}
> {
> "errorCode": "ATLAS-403-00-001",
> "errorMessage": "admin is not authorized to perform get classifications:
> guid=d11fd3de-d99d-4e3f-b489-4c0f97651f7d"
> }
> {code}
> but when we login to UI and open the entity we are able to see classification
> details despite of having no read classification permission which is same
> information as what was denied in rest call.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
