[
https://issues.apache.org/jira/browse/RANGER-4469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4469:
--------------------------------------
Description:
When a dataset is created for a user with VIEW permission, and GET
datasetSummary API is called, 403 is thrown, since a user is allowed to get
dataset policies, only if the user has AUDIT or higher permissions. Steps to
reproduce:
# Created a dataset as below:
{code:java}
{
  "id": 7,
  "guid": "8469cfcb-dc45-4481-a754-f4abe6c298ef",
  "isEnabled": true,
  "createdBy": "Admin",
  "updatedBy": "Admin",
  "createTime": 1696947157966,
  "updateTime": 1696947157967,
  "version": 1,
  "description": "This is GDS description",
  "options": {},
  "additionalInfo": {},
  "name": "DS7",
  "acl": {
    "users": { "joe": "VIEW", "admin": "ADMIN" }
  },
  "termsOfUse": "Gds Terms of Use"
}
{code}
2. When the GET datasetSummary API is called
[http://localhost:6080/service/gds/dataset/summary], 403 is thrown.
{code:java}
2023-10-10 14:43:33,975 [http-nio-6080-exec-3] ERROR [RESTErrorUtil.java:126]
Access restricted. loginId=joe, logMessage=User is not authorized to view
policies for this dataset, requestInfo=RequestContext
[ipAddress=0:0:0:0:0:0:0:1, userAgent=PostmanRuntime/7.33.0,
requestURL=/service/gds/dataset/summary, deviceType=1,
serverRequestId=ceeea979-7d6b-4716-a9e7-e91d031cf70e, isSync=true,
startTime=1696949013819], timeTaken=156
javax.ws.rs.WebApplicationException: null
    at org.apache.ranger.common.RESTErrorUtil.create403RESTException(RESTErrorUtil.java:103)
    at org.apache.ranger.biz.GdsDBStore.getDatasetPolicies(GdsDBStore.java:450)
    at org.apache.ranger.biz.GdsDBStore.getPrincipalCountForDataset(GdsDBStore.java:1332)
    at org.apache.ranger.biz.GdsDBStore.toDatasetSummary(GdsDBStore.java:1256)
    at org.apache.ranger.biz.GdsDBStore.getDatasetSummary(GdsDBStore.java:156)
    at org.apache.ranger.rest.GdsREST.getDatasetSummary(GdsREST.java:308)
    at org.apache.ranger.rest.GdsREST$$FastClassBySpringCGLIB$$5397f2f3.invoke(<generated>)
{code}
was:
When a dataset is created for a user with VIEW permission, and GET
datasetSummary API is called, 403 is thrown, since a user is allowed to get
dataset policies, only if the user has AUDIT or higher permissions. Steps to
reproduce:
# Created a dataset as below:
{
  "id": 7,
  "guid": "8469cfcb-dc45-4481-a754-f4abe6c298ef",
  "isEnabled": true,
  "createdBy": "Admin",
  "updatedBy": "Admin",
  "createTime": 1696947157966,
  "updateTime": 1696947157967,
  "version": 1,
  "description": "This is GDS description",
  "options": {},
  "additionalInfo": {},
  "name": "DS7",
  "acl": {
    "users": {
      "joe": "VIEW",
      "admin": "ADMIN"
    }
  },
  "termsOfUse": "Gds Terms of Use"
}
2. When the GET datasetSummary API is called
[http://localhost:6080/service/gds/dataset/summary], 403 is thrown.
> Dataset summary API throws 403
> ------------------------------
>
> Key: RANGER-4469
> URL: https://issues.apache.org/jira/browse/RANGER-4469
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
> Reporter: Subhrat Chaudhary
> Assignee: Subhrat Chaudhary
> Priority: Major
>
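The failure pattern visible in the stack trace above (the summary call reaching a policy accessor that requires AUDIT or higher), modelled as an added example that is not part of the original report and is not Ranger source. Class and method names are hypothetical, the ordering VIEW < AUDIT < ADMIN is assumed from the report's "AUDIT or higher", and the boundary-check variant is one possible design, not the project's fix.

```java
import java.util.Map;

// Added illustration: a minimal model, not Ranger code. Names are hypothetical;
// only the users, the dataset name and the permission levels come from the report.
public class DatasetSummaryAuthz {
    enum Perm { NONE, VIEW, AUDIT, ADMIN }   // assumed ordering: VIEW < AUDIT < ADMIN

    static class Forbidden extends RuntimeException { Forbidden(String m) { super(m); } }

    // Dataset ACL from the report: joe=VIEW, admin=ADMIN
    static final Map<String, Perm> ACL = Map.of("joe", Perm.VIEW, "admin", Perm.ADMIN);
    static final int POLICY_PRINCIPALS = 2;  // constructed sample value

    static void require(String user, Perm needed, String what) {
        Perm have = ACL.getOrDefault(user, Perm.NONE);
        if (have.compareTo(needed) < 0) {
            throw new Forbidden("User is not authorized to " + what);
        }
    }

    // Guarded accessor meant for direct policy reads: needs AUDIT or higher.
    static int principalCountGuarded(String user) {
        require(user, Perm.AUDIT, "view policies for this dataset");
        return POLICY_PRINCIPALS;
    }

    // Pattern in the stack trace: the summary path reuses the guarded accessor,
    // so a VIEW user is rejected by a check that belongs to another operation.
    static String summaryReusingGuardedAccessor(String user) {
        require(user, Perm.VIEW, "view this dataset");
        return "DS7 principals=" + principalCountGuarded(user);
    }

    // Alternative: authorize once at the summary boundary, then read the
    // aggregate through an internal path that exposes only the count.
    static String summaryWithBoundaryCheck(String user) {
        require(user, Perm.VIEW, "view this dataset");
        return "DS7 principals=" + POLICY_PRINCIPALS;
    }

    public static void main(String[] args) {
        System.out.println(summaryWithBoundaryCheck("joe"));       // VIEW is enough
        try {
            summaryReusingGuardedAccessor("joe");                   // reproduces the 403
        } catch (Forbidden e) {
            System.out.println("403: " + e.getMessage());
        }
        System.out.println(summaryReusingGuardedAccessor("admin")); // ADMIN passes both checks
    }
}
```

A regression test for this class of bug calls each read endpoint once per permission level in the ACL and asserts the expected allow or deny result, so a nested stricter check shows up as an unexpected 403.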