[jira] [Comment Edited] (ATLAS-2978) User Authorization is not working as expected
[
https://issues.apache.org/jira/browse/ATLAS-2978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16698896#comment-16698896
]
Nixon Rodrigues edited comment on ATLAS-2978 at 11/26/18 1:08 PM:
--
[~abhi63269] Thanks for providing inputs.
Found {{atlas.authorizer.simple.authz.policy.file}} property commented in
atlas-application.propertes file provided, if the proper file path is provided
then file from classpath is picked which may not have the custom role you
defined.
I tried the CUSTOM_ROLE_FRIEND role defined for user tushar. Type permission is
defined for typesName = .*@_tushar. Atlas does not support type type name with
@ .
With below role, User *tushar* could search and view entities with
qualifiedName **@_tushar* for entiy_type **tushar*,
{noformat}
"CUSTOM_ROLE_FRIEND":{
"entityPermissions": [
{
"privileges": [ "entity-read", "entity-create" ],
"entityTypes": [ ".*" ],
"entityIds": [ ".*@_tushar" ],
"classifications": [ ".*" ]
}
],
"typePermissions": [
{
"privileges": [ "type-read","type-create" ],
"typeCategories": [ ".*" ],
"typeNames": [ ".*tushar" ]
}
]
}{noformat}
!Screen Shot 2018-11-26 at 6.20.27 PM.png!
was (Author: nixonrodrigues):
[~abhi63269] Thanks for providing inputs.
Found {{atlas.authorizer.simple.authz.policy.file}} property commented in
atlas-application.propertes file provided, if the proper file path is provided
then file from classpath is picked which may not have the custom role you
defined.
I tried the CUSTOM_ROLE_FRIEND role defined for user tushar. Type permission is
defined for typesName = .*@_tushar. Atlas does not support type type name with
@ .
With below role, User *tushar* could search and view entities with
qualifiedName **@_tushar* for entiy_type ***tushar,
{noformat}
"CUSTOM_ROLE_FRIEND":{
"entityPermissions": [
{
"privileges": [ "entity-read", "entity-create" ],
"entityTypes": [ ".*" ],
"entityIds": [ ".*@_tushar" ],
"classifications": [ ".*" ]
}
],
"typePermissions": [
{
"privileges": [ "type-read","type-create" ],
"typeCategories": [ ".*" ],
"typeNames": [ ".*tushar" ]
}
]
}{noformat}
!Screen Shot 2018-11-26 at 6.20.27 PM.png!
> User Authorization is not working as expected
> -
>
> Key: ATLAS-2978
> URL: https://issues.apache.org/jira/browse/ATLAS-2978
> Project: Atlas
> Issue Type: Bug
> Components: atlas-core, atlas-webui
>Affects Versions: 1.1.0
> Environment: OS - Ubuntu 16.04
> 64 bit
>Reporter: Abhishek Sharma
>Priority: Critical
> Labels: atlas, authorization
> Attachments: Screen Shot 2018-11-26 at 6.20.27 PM.png,
> atlas-application.properties, atlas-simple-authz-policy.json,
> users-credentials.properties
>
>
> Hello
> I am facing 2 issues.
> _*1)*_ I was trying to use the simple authorization model provided by atlas
> I have made my custom Role with user as 'abhishek' linked to a custom group
> and tried to modify atlas-simple-authz-policy.json as per the correct syntax.
> presented in the official documentation.Additionally,I also tried to create
> another custom role for other user 'tushar' linked to a different group.
> Whenever I try to login I get the following error as mentioned below -
> _*2018-11-23 11:04:56,486 ERROR - [pool-1-thread-7 -
> 1bac333e-78ce-46b7-a7d2-ccc2f62e67ee:] ~ graph rollback due to exception
> AtlasBaseException:Instance __AtlasUserProfile with unique attribute
> \{name=abhishek} does not exist (GraphTransactionInterceptor:156)*_
> _*The same error comes in log file even if I successfully login through other
> user accounts.*_
> Although above error persists but login is successful
> _*2)*_ I am successfully able to login with different user accounts that I
> mentioned in users-credentials.properties file.However,the custom type that I
> created from one account (say**
> abhishek) are reflected/shown while logging in from different user
> accounts(say tushar).
> Why authorization is not working as expected ?
> Kindly suggest for the same.
> Thanks in Advance
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (ATLAS-2978) User Authorization is not working as expected
[
https://issues.apache.org/jira/browse/ATLAS-2978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16698896#comment-16698896
]
Nixon Rodrigues edited comment on ATLAS-2978 at 11/26/18 1:15 PM:
--
[~abhi63269] Thanks for providing inputs. please find my reply for point 1 & 2
1
{quote}_*2018-11-23 11:04:56,486 ERROR - [pool-1-thread-7 -
1bac333e-78ce-46b7-a7d2-ccc2f62e67ee:] ~ graph rollback due to exception
AtlasBaseException:Instance __AtlasUserProfile with unique attribute
\{name=abhishek} does not exist (GraphTransactionInterceptor:156)*_
{quote}
This issue is seen because AtlasUserProfile entity for user abhishek or tushar
does not exist. If user save the favorite search this error message will not be
shown. this does not have direct relation with authz. may we log this as WARN
instead ERROR
2
Found {{atlas.authorizer.simple.authz.policy.file}} property commented in
atlas-application.propertes file provided, if the proper file path is provided
then file from classpath is picked which may not have the custom role you
defined.
I tried the CUSTOM_ROLE_FRIEND role defined for user tushar. Type permission is
defined for typesName = .*@_tushar. Atlas does not support type type name with
@ .
With below role, User *tushar* could search and view entities with
qualifiedName **@_tushar* for entiy_type **tushar*,
HTH, if you still face the issue, please add the custom typedef with name
*tushar for investigation.
{noformat}
"CUSTOM_ROLE_FRIEND":{
"entityPermissions": [
{
"privileges": [ "entity-read", "entity-create" ],
"entityTypes": [ ".*" ],
"entityIds": [ ".*@_tushar" ],
"classifications": [ ".*" ]
}
],
"typePermissions": [
{
"privileges": [ "type-read","type-create" ],
"typeCategories": [ ".*" ],
"typeNames": [ ".*tushar" ]
}
]
}{noformat}
!Screen Shot 2018-11-26 at 6.20.27 PM.png!
was (Author: nixonrodrigues):
[~abhi63269] Thanks for providing inputs.
Found {{atlas.authorizer.simple.authz.policy.file}} property commented in
atlas-application.propertes file provided, if the proper file path is provided
then file from classpath is picked which may not have the custom role you
defined.
I tried the CUSTOM_ROLE_FRIEND role defined for user tushar. Type permission is
defined for typesName = .*@_tushar. Atlas does not support type type name with
@ .
With below role, User *tushar* could search and view entities with
qualifiedName **@_tushar* for entiy_type **tushar*,
HTH, if you still face the issue, please add the custom typedef with name
*tushar for investigation.
{noformat}
"CUSTOM_ROLE_FRIEND":{
"entityPermissions": [
{
"privileges": [ "entity-read", "entity-create" ],
"entityTypes": [ ".*" ],
"entityIds": [ ".*@_tushar" ],
"classifications": [ ".*" ]
}
],
"typePermissions": [
{
"privileges": [ "type-read","type-create" ],
"typeCategories": [ ".*" ],
"typeNames": [ ".*tushar" ]
}
]
}{noformat}
!Screen Shot 2018-11-26 at 6.20.27 PM.png!
> User Authorization is not working as expected
> -
>
> Key: ATLAS-2978
> URL: https://issues.apache.org/jira/browse/ATLAS-2978
> Project: Atlas
> Issue Type: Bug
> Components: atlas-core, atlas-webui
>Affects Versions: 1.1.0
> Environment: OS - Ubuntu 16.04
> 64 bit
>Reporter: Abhishek Sharma
>Priority: Critical
> Labels: atlas, authorization
> Attachments: Screen Shot 2018-11-26 at 6.20.27 PM.png,
> atlas-application.properties, atlas-simple-authz-policy.json,
> users-credentials.properties
>
>
> Hello
> I am facing 2 issues.
> _*1)*_ I was trying to use the simple authorization model provided by atlas
> I have made my custom Role with user as 'abhishek' linked to a custom group
> and tried to modify atlas-simple-authz-policy.json as per the correct syntax.
> presented in the official documentation.Additionally,I also tried to create
> another custom role for other user 'tushar' linked to a different group.
> Whenever I try to login I get the following error as mentioned below -
> _*2018-11-23 11:04:56,486 ERROR - [pool-1-thread-7 -
> 1bac333e-78ce-46b7-a7d2-ccc2f62e67ee:] ~ graph rollback due to exception
> AtlasBaseException:Instance __AtlasUserProfile with unique attribute
> \{name=abhishek} does not exist (GraphTransactionInterceptor:156)*_
> _*The same error comes in log file even if I successfully login through other
> user accounts.*_
> Although above error persists but login is successful
> _*2)*_ I am successfully able to login with different user accounts that I
> mentioned in users-credentials.properties file.However,the custom type that I
> created from one account (say**
> abhishek) are reflected/shown while logging in from different user
> accounts(say tushar).
> Why authorization is not working as expected ?
> Kindly
[jira] [Comment Edited] (ATLAS-2978) User Authorization is not working as expected
[
https://issues.apache.org/jira/browse/ATLAS-2978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16698896#comment-16698896
]
Nixon Rodrigues edited comment on ATLAS-2978 at 11/26/18 1:10 PM:
--
[~abhi63269] Thanks for providing inputs.
Found {{atlas.authorizer.simple.authz.policy.file}} property commented in
atlas-application.propertes file provided, if the proper file path is provided
then file from classpath is picked which may not have the custom role you
defined.
I tried the CUSTOM_ROLE_FRIEND role defined for user tushar. Type permission is
defined for typesName = .*@_tushar. Atlas does not support type type name with
@ .
With below role, User *tushar* could search and view entities with
qualifiedName **@_tushar* for entiy_type **tushar*,
HTH, if you still face the issue, please add the custom typedef with name
*tushar for investigation.
{noformat}
"CUSTOM_ROLE_FRIEND":{
"entityPermissions": [
{
"privileges": [ "entity-read", "entity-create" ],
"entityTypes": [ ".*" ],
"entityIds": [ ".*@_tushar" ],
"classifications": [ ".*" ]
}
],
"typePermissions": [
{
"privileges": [ "type-read","type-create" ],
"typeCategories": [ ".*" ],
"typeNames": [ ".*tushar" ]
}
]
}{noformat}
!Screen Shot 2018-11-26 at 6.20.27 PM.png!
was (Author: nixonrodrigues):
[~abhi63269] Thanks for providing inputs.
Found {{atlas.authorizer.simple.authz.policy.file}} property commented in
atlas-application.propertes file provided, if the proper file path is provided
then file from classpath is picked which may not have the custom role you
defined.
I tried the CUSTOM_ROLE_FRIEND role defined for user tushar. Type permission is
defined for typesName = .*@_tushar. Atlas does not support type type name with
@ .
With below role, User *tushar* could search and view entities with
qualifiedName **@_tushar* for entiy_type **tushar*,
{noformat}
"CUSTOM_ROLE_FRIEND":{
"entityPermissions": [
{
"privileges": [ "entity-read", "entity-create" ],
"entityTypes": [ ".*" ],
"entityIds": [ ".*@_tushar" ],
"classifications": [ ".*" ]
}
],
"typePermissions": [
{
"privileges": [ "type-read","type-create" ],
"typeCategories": [ ".*" ],
"typeNames": [ ".*tushar" ]
}
]
}{noformat}
!Screen Shot 2018-11-26 at 6.20.27 PM.png!
> User Authorization is not working as expected
> -
>
> Key: ATLAS-2978
> URL: https://issues.apache.org/jira/browse/ATLAS-2978
> Project: Atlas
> Issue Type: Bug
> Components: atlas-core, atlas-webui
>Affects Versions: 1.1.0
> Environment: OS - Ubuntu 16.04
> 64 bit
>Reporter: Abhishek Sharma
>Priority: Critical
> Labels: atlas, authorization
> Attachments: Screen Shot 2018-11-26 at 6.20.27 PM.png,
> atlas-application.properties, atlas-simple-authz-policy.json,
> users-credentials.properties
>
>
> Hello
> I am facing 2 issues.
> _*1)*_ I was trying to use the simple authorization model provided by atlas
> I have made my custom Role with user as 'abhishek' linked to a custom group
> and tried to modify atlas-simple-authz-policy.json as per the correct syntax.
> presented in the official documentation.Additionally,I also tried to create
> another custom role for other user 'tushar' linked to a different group.
> Whenever I try to login I get the following error as mentioned below -
> _*2018-11-23 11:04:56,486 ERROR - [pool-1-thread-7 -
> 1bac333e-78ce-46b7-a7d2-ccc2f62e67ee:] ~ graph rollback due to exception
> AtlasBaseException:Instance __AtlasUserProfile with unique attribute
> \{name=abhishek} does not exist (GraphTransactionInterceptor:156)*_
> _*The same error comes in log file even if I successfully login through other
> user accounts.*_
> Although above error persists but login is successful
> _*2)*_ I am successfully able to login with different user accounts that I
> mentioned in users-credentials.properties file.However,the custom type that I
> created from one account (say**
> abhishek) are reflected/shown while logging in from different user
> accounts(say tushar).
> Why authorization is not working as expected ?
> Kindly suggest for the same.
> Thanks in Advance
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
