[ https://issues.apache.org/jira/browse/ATLAS-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nixon Rodrigues updated ATLAS-2009:
-----------------------------------
    Attachment: ATLAS-2009.patch

This patch includes a fix in the AtlasAuthorization filter to return the 
unauthorized requests, which were landing directly at the REST layer even 
though the error code 403 was set.

[~apoorvnaik]
Please review the fix. 

cc:[~madhan.neethiraj]

> Any non-admin user in users-credentials.properties is able to access 
> /api/atlas/admin path
> ------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-2009
>                 URL: https://issues.apache.org/jira/browse/ATLAS-2009
>             Project: Atlas
>          Issue Type: Bug
>          Components:  atlas-core
>            Reporter: Sharmadha Sainath
>            Priority: Critical
>         Attachments: ATLAS-2009.patch
>
>
> Any non-admin user (ex: rangertagsync) specified in 
> conf/users-credentials.properties is able to access the /api/atlas/admin 
> path. Is this expected?
> One of the use cases is the Export and Import APIs, which should be permitted 
> only by the admin user to be executed. But any user is able to execute it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
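
The failure mode described in the comment above (403 set, request still reaching the REST layer), as an added example that is not the Atlas code or the attached patch. Response and Chain are stand-ins for the servlet API's HttpServletResponse and FilterChain; the policy, class and method names and the sample path are assumptions made for illustration.

```java
// Simplified model of a servlet-style authorization filter (hypothetical
// names, not Atlas code).
public class AuthzFilterDemo {
    static class Response {
        int status = 200;
        boolean handlerRan = false;   // true if the request reached the REST layer
    }

    interface Chain { void doFilter(String user, String path, Response res); }

    // Constructed policy: only "admin" may reach the admin path.
    static boolean isAuthorized(String user, String path) {
        return !path.startsWith("/api/atlas/admin") || user.equals("admin");
    }

    // Flawed: sets 403 but falls through, so the handler still executes.
    static void flawedFilter(String user, String path, Response res, Chain chain) {
        if (!isAuthorized(user, path)) {
            res.status = 403;
        }
        chain.doFilter(user, path, res);
    }

    // Corrected: stops processing as soon as the request is rejected.
    static void fixedFilter(String user, String path, Response res, Chain chain) {
        if (!isAuthorized(user, path)) {
            res.status = 403;
            return;
        }
        chain.doFilter(user, path, res);
    }

    public static void main(String[] args) {
        Chain restLayer = (u, p, r) -> r.handlerRan = true;
        String user = "rangertagsync";             // non-admin user from the report
        String path = "/api/atlas/admin/export";   // constructed sample path

        Response a = new Response();
        flawedFilter(user, path, a, restLayer);
        System.out.println("flawed: status=" + a.status + " handlerRan=" + a.handlerRan);

        Response b = new Response();
        fixedFilter(user, path, b, restLayer);
        System.out.println("fixed:  status=" + b.status + " handlerRan=" + b.handlerRan);
    }
}
```

A regression test for this class of bug should assert that the downstream handler did not run, not only that the status is 403, since the flawed variant also reports 403.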
