chaitali borole created ATLAS-3950: -------------------------------------- Summary: Read Type Auth : Classification, Business metadata , Entity types are able to have attributes of type which are not permissible to read Key: ATLAS-3950 URL: https://issues.apache.org/jira/browse/ATLAS-3950 Project: Atlas Issue Type: Improvement Affects Versions: 3.0.0 Reporter: chaitali borole Assignee: chaitali borole
hrt_qa has : CRUD permissions on hive_table type CRUD permissions on all business_metadata type. hrt_qa creates a business metadata bm1 hrt_qa is able to create an attribute for bm1 - say attrib1 which allows Applicable types to be anything. UI displays only hive_table but through REST , hrt_qa is able to add any type as Applicable type. Same for classifications : hrt_qa has CRUD permissions on all classification types but read only for hive_table entity type. Through REST , hrt_qa is able to add all types as entityTypes. Example REST call where allowed entity types are hive_table and hdfs_path : /api/atlas/v2/types/typedefs?type=classification { "classificationDefs":[ { "name":"PII", "description":"PII", "superTypes":[ ], "attributeDefs":[ ], "entityTypes":[ "hdfs_path", "hive_table" ], "category":"CLASSIFICATION", "guid":"123456789" } ], "entityDefs":[ ], "enumDefs":[ ], "structDefs":[ ] } Call succeeds with 200 Ok. For Entity type: Updating hive_table entity typedef with a new attribute of type hdfs_path is allowed. Expected is , in all 3 cases of business metadata , classification and entity, response to be authorization denied because hdfs_path type provided. -- This message was sent by Atlassian Jira (v8.3.4#803005)