[ https://issues.apache.org/jira/browse/ATLAS-1752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nixon Rodrigues updated ATLAS-1752: ----------------------------------- Description: {code} [XXXXX@XXXXX ~]$ curl --negotiate -u : -X GET "http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f" Error 403 {"AuthorizationError":"You are not authorized for READ on [ENTITY] : *"}

HTTP ERROR 403

Problem accessing /api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f. Reason:

 {"AuthorizationError":"You are not authorized for READ on [ENTITY] : *"}


Powered by Jetty://
I checked ID of the user and they belong to the group that is in ranger. If he uses ldap authentication then it group mapping works [XXXX@XXXXX ~]$ curl -u XXXX:xxxxxxxx -X GET "http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f" {"requestId":"qtp1641313620-23 - \/api\/atlas\/entities\/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f - 3f71704c-75e4-40dc-9796-4827e5997ea6","definition":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Reference","id":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Id","id":"7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f","version":0,"typeName":"hive_db","state":"ACTIVE"},"typeName":"hive_db","values":{"name":"dz_1_disc","location":"hdfs:\/\/devbir1\/data\/discovery\/dz_1\/disc","description":null,"ownerType":{"value":"USER","ordinal":1},"qualifiedName":"XXXX@domain","owner":"hive","clusterName":"xxxxx","parameters":null},"traitNames":[],"traits":{}}} {code} was: {code} [XXXXX@XXXXX ~]$ curl --negotiate -u : -X GET "http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f" Error 403 {"AuthorizationError":"You are not authorized for READ on [ENTITY] : *"}

HTTP ERROR 403

Problem accessing /api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f. Reason:

 {"AuthorizationError":"You are not authorized for READ on [ENTITY] : *"}


Powered by Jetty://
I checked ID of the user and they belong to the group that is in ranger. If he uses ldap authentication then it group mapping works [XXXX@XXXXX ~]$ curl -u XXXX:xxxxxxxx -X GET "http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f" {"requestId":"qtp1641313620-23 - \/api\/atlas\/entities\/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f - 3f71704c-75e4-40dc-9796-4827e5997ea6","definition":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Reference","id":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Id","id":"7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f","version":0,"typeName":"hive_db","state":"ACTIVE"},"typeName":"hive_db","values":{"name":"dz_1_disc","location":"hdfs:\/\/devbir1\/data\/discovery\/dz_1\/disc","description":null,"ownerType":{"value":"USER","ordinal":1},"qualifiedName":"XXXX@domain","owner":"hive","clusterName":"devbir1","parameters":null},"traitNames":[],"traits":{}}} {code} > Atlas Group mapping for ranger doesn't work if using kerberos authentication > ---------------------------------------------------------------------------- > > Key: ATLAS-1752 > URL: https://issues.apache.org/jira/browse/ATLAS-1752 > Project: Atlas > Issue Type: Bug > Affects Versions: 0.8-incubating > Environment: secure > Reporter: Nixon Rodrigues > Assignee: Nixon Rodrigues > Fix For: 0.9-incubating, 0.8.1-incubating > > Attachments: ATLAS-1752.patch > > > {code} > [XXXXX@XXXXX ~]$ curl --negotiate -u : -X GET "http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f" > > > > Error 403 {"AuthorizationError":"You are not authorized for READ on [ENTITY] : *"} > >

HTTP ERROR 403

>

Problem accessing /api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f. Reason: >

 {"AuthorizationError":"You are not authorized for READ on [ENTITY] : *"}


Powered by Jetty://
> > > I checked ID of the user and they belong to the group that is in ranger. > If he uses ldap authentication then it group mapping works > [XXXX@XXXXX ~]$ curl -u XXXX:xxxxxxxx -X GET "http://ATLAS_HOST:21000/api/atlas/entities/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f" > {"requestId":"qtp1641313620-23 - \/api\/atlas\/entities\/7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f - 3f71704c-75e4-40dc-9796-4827e5997ea6","definition":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Reference","id":{"jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Id","id":"7bb9c916-8fd3-40ef-b65f-855ed5bf4f9f","version":0,"typeName":"hive_db","state":"ACTIVE"},"typeName":"hive_db","values":{"name":"dz_1_disc","location":"hdfs:\/\/devbir1\/data\/discovery\/dz_1\/disc","description":null,"ownerType":{"value":"USER","ordinal":1},"qualifiedName":"XXXX@domain","owner":"hive","clusterName":"xxxxx","parameters":null},"traitNames":[],"traits":{}}} > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)