[ https://issues.apache.org/jira/browse/ATLAS-4170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sarath Subramanian updated ATLAS-4170:
--------------------------------------
    Fix Version/s: 2.2.0
                   3.0.0

> v2/entity/bulk Entity GET API is able to read unauthorised entities too when skipFailedEntities is passed as True
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-4170
>                 URL: https://issues.apache.org/jira/browse/ATLAS-4170
>             Project: Atlas
>          Issue Type: Bug
>    Affects Versions: 2.1.0
>            Reporter: Sidharth Kumar Mishra
>            Assignee: Sidharth Kumar Mishra
>            Priority: Major
>             Fix For: 3.0.0, 2.2.0
>
>         Attachments: ATLAS-4170.patch
>
>
> As part of https://issues.apache.org/jira/browse/ATLAS-3855, skipFailedEntities was introduced to ignore the entities where it fails to read.
> When skipFailedEntities is not passed or is passed as skipFailedEntities=False, then we get 403 with below error as expected:
> {code:java}
> {
>   "errorCode": "ATLAS-403-00-001",
>   "errorMessage": "hrt is not authorized to perform read entity: guid=ad0f349c-1fe6-46f0-be6d-98ca2e754e1c"
> }
> {code}
> But when we pass skipFailedEntities=True, then API is able to retrieve the data for even those entities on which the user has explicit deny conditions.
> Ideally, we should be ignoring these unauthorised entities and return data only for authorised ones.
>

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
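
The behaviour the report asks for, as an added example (not Atlas code and not the attached ATLAS-4170.patch): every entity is authorized individually, and skipFailedEntities only decides whether a failure aborts the request or drops that one entity. The class, the method names, the in-memory store and the sample GUIDs are hypothetical and constructed for illustration.

```java
import java.util.*;
import java.util.function.BiPredicate;

// Hypothetical model of a bulk entity read; not Atlas code.
public class BulkReadModel {
    static class NotAuthorized extends RuntimeException {
        NotAuthorized(String user, String guid) {
            super(user + " is not authorized to perform read entity: guid=" + guid);
        }
    }

    // store: guid -> entity payload (constructed sample data)
    // canRead: per-entity authorization decision for (user, guid)
    static List<String> getByGuids(String user, List<String> guids, boolean skipFailedEntities,
                                   Map<String, String> store, BiPredicate<String, String> canRead) {
        List<String> result = new ArrayList<>();
        for (String guid : guids) {
            try {
                String entity = store.get(guid);
                if (entity == null) {
                    throw new NoSuchElementException("entity not found: guid=" + guid);
                }
                // Authorize every entity before it can reach the response,
                // regardless of the skipFailedEntities flag.
                if (!canRead.test(user, guid)) {
                    throw new NotAuthorized(user, guid);
                }
                result.add(entity);
            } catch (NotAuthorized | NoSuchElementException e) {
                // The flag only changes how a failure is reported:
                // false -> fail the whole request, true -> omit this entity.
                if (!skipFailedEntities) {
                    throw e;
                }
            }
        }
        return result;
    }

    public static void main(String[] args) {
        Map<String, String> store = Map.of("guid-a", "table_a", "guid-b", "table_b"); // constructed
        BiPredicate<String, String> canRead = (user, guid) -> !guid.equals("guid-b"); // explicit deny on guid-b
        // With the flag set, the denied and the missing entity are both left out of the result.
        System.out.println(getByGuids("hrt", List.of("guid-a", "guid-b", "guid-missing"), true, store, canRead));
        try {
            getByGuids("hrt", List.of("guid-a", "guid-b"), false, store, canRead);
        } catch (NotAuthorized e) {
            System.out.println("403: " + e.getMessage());
        }
    }
}
```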