[
https://issues.apache.org/jira/browse/RANGER-4534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Prashant Satam updated RANGER-4534:
-----------------------------------
Description:
When we use GDS GET APIs for (dataset/datashare/project) and pass query param
gdsPermission=NONE we get all the objects in response which is not expected
Example :
When the param gdsPermission=NONE is passed in request, in the GET APIs e.g.
GET /gds/dataset, whole dataset list is returned in response, even if the
calling user is not added in the ACLs in any of the datasets.
was:
When we use GDS GET APIs for (dataset/datashare/project) and pass query param
gdsPermission=NONE we get all the objects in response which is not expected
Example :
1)We have 4 datasets created
2)Test-User has ADMIN access to 2 datasets only for remaining 2 datasets,
Test-User has no permission in ACL of dataset
3)Still when Test-User use GET API ---> /service/gds/dataset with query param
gdsPermission = NONE he gets all the 4 datasets in response which is not
expected
> Use of Query param GdsPermission with value NONE gives incorrect response for
> GDS GET APIs
> ------------------------------------------------------------------------------------------
>
> Key: RANGER-4534
> URL: https://issues.apache.org/jira/browse/RANGER-4534
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
>
> When we use GDS GET APIs for (dataset/datashare/project) and pass query param
> gdsPermission=NONE we get all the objects in response which is not expected
> Example :
> When the param gdsPermission=NONE is passed in request, in the GET APIs e.g.
> GET /gds/dataset, whole dataset list is returned in response, even if the
> calling user is not added in the ACLs in any of the datasets.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
