chaitali borole created ATLAS-3950:
--------------------------------------
Summary: Read Type Auth : Classification, Business metadata ,
Entity types are able to have attributes of type which are not permissible to
read
Key: ATLAS-3950
URL: https://issues.apache.org/jira/browse/ATLAS-3950
Project: Atlas
Issue Type: Improvement
Affects Versions: 3.0.0
Reporter: chaitali borole
Assignee: chaitali borole
hrt_qa has :
CRUD permissions on hive_table type
CRUD permissions on all business_metadata type.
hrt_qa creates a business metadata bm1
hrt_qa is able to create an attribute for bm1 - say attrib1 which allows
Applicable types to be anything. UI displays only hive_table but through REST ,
hrt_qa is able to add any type as Applicable type.
Same for classifications :
hrt_qa has CRUD permissions on all classification types but read only for
hive_table entity type.
Through REST , hrt_qa is able to add all types as entityTypes.
Example REST call where allowed entity types are hive_table and hdfs_path :
/api/atlas/v2/types/typedefs?type=classification
{ "classificationDefs":[
{ "name":"PII", "description":"PII",
"superTypes":[
], "attributeDefs":[
], "entityTypes":[ "hdfs_path",
"hive_table" ], "category":"CLASSIFICATION",
"guid":"123456789" }
], "entityDefs":[
], "enumDefs":[
], "structDefs":[
]
}
Call succeeds with 200 Ok.
For Entity type:
Updating hive_table entity typedef with a new attribute of type hdfs_path is
allowed.
Expected is , in all 3 cases of business metadata , classification and entity,
response to be authorization denied because hdfs_path type provided.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
