[
https://issues.apache.org/jira/browse/ATLAS-2978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16698896#comment-16698896
]
Nixon Rodrigues edited comment on ATLAS-2978 at 11/26/18 1:08 PM:
------------------------------------------------------------------
[~abhi63269] Thanks for providing inputs.
Found {{atlas.authorizer.simple.authz.policy.file}} property commented in
atlas-application.propertes file provided, if the proper file path is provided
then file from classpath is picked which may not have the custom role you
defined.
I tried the CUSTOM_ROLE_FRIEND role defined for user tushar. Type permission is
defined for typesName = .*@_tushar. Atlas does not support type type name with
@ .
With below role, User *tushar* could search and view entities with
qualifiedName **@_tushar* for entiy_type **tushar*,
{noformat}
"CUSTOM_ROLE_FRIEND":{
"entityPermissions": [
{
"privileges": [ "entity-read", "entity-create" ],
"entityTypes": [ ".*" ],
"entityIds": [ ".*@_tushar" ],
"classifications": [ ".*" ]
}
],
"typePermissions": [
{
"privileges": [ "type-read","type-create" ],
"typeCategories": [ ".*" ],
"typeNames": [ ".*tushar" ]
}
]
}{noformat}
!Screen Shot 2018-11-26 at 6.20.27 PM.png!
was (Author: nixonrodrigues):
[~abhi63269] Thanks for providing inputs.
Found {{atlas.authorizer.simple.authz.policy.file}} property commented in
atlas-application.propertes file provided, if the proper file path is provided
then file from classpath is picked which may not have the custom role you
defined.
I tried the CUSTOM_ROLE_FRIEND role defined for user tushar. Type permission is
defined for typesName = .*@_tushar. Atlas does not support type type name with
@ .
With below role, User *tushar* could search and view entities with
qualifiedName **@_tushar* for entiy_type ***tushar,
{noformat}
"CUSTOM_ROLE_FRIEND":{
"entityPermissions": [
{
"privileges": [ "entity-read", "entity-create" ],
"entityTypes": [ ".*" ],
"entityIds": [ ".*@_tushar" ],
"classifications": [ ".*" ]
}
],
"typePermissions": [
{
"privileges": [ "type-read","type-create" ],
"typeCategories": [ ".*" ],
"typeNames": [ ".*tushar" ]
}
]
}{noformat}
!Screen Shot 2018-11-26 at 6.20.27 PM.png!
> User Authorization is not working as expected
> ---------------------------------------------
>
> Key: ATLAS-2978
> URL: https://issues.apache.org/jira/browse/ATLAS-2978
> Project: Atlas
> Issue Type: Bug
> Components: atlas-core, atlas-webui
> Affects Versions: 1.1.0
> Environment: OS - Ubuntu 16.04
> 64 bit
> Reporter: Abhishek Sharma
> Priority: Critical
> Labels: atlas, authorization
> Attachments: Screen Shot 2018-11-26 at 6.20.27 PM.png,
> atlas-application.properties, atlas-simple-authz-policy.json,
> users-credentials.properties
>
>
> Hello
> I am facing 2 issues.
> _*1)*_ I was trying to use the simple authorization model provided by atlas
> I have made my custom Role with user as 'abhishek' linked to a custom group
> and tried to modify atlas-simple-authz-policy.json as per the correct syntax.
> presented in the official documentation.Additionally,I also tried to create
> another custom role for other user 'tushar' linked to a different group.
> Whenever I try to login I get the following error as mentioned below -
> _*2018-11-23 11:04:56,486 ERROR - [pool-1-thread-7 -
> 1bac333e-78ce-46b7-a7d2-ccc2f62e67ee:] ~ graph rollback due to exception
> AtlasBaseException:Instance __AtlasUserProfile with unique attribute
> \{name=abhishek} does not exist (GraphTransactionInterceptor:156)*_
> _*The same error comes in log file even if I successfully login through other
> user accounts.*_
> Although above error persists but login is successful
> _*2)*_ I am successfully able to login with different user accounts that I
> mentioned in users-credentials.properties file.However,the custom type that I
> created from one account (say**
> abhishek) are reflected/shown while logging in from different user
> accounts(say tushar).
> Why authorization is not working as expected ?
> Kindly suggest for the same.
> Thanks in Advance
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
