Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-7813

User with READ access to stream cannot get events

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.0
    • Fix Version/s: 4.1.0
    • Component/s: None
    • Labels:
    • Release Notes:
      The security policies for accessing entities have been changed and the documentation updated to reflect these changes.
    • Rank:
      1|hzzq5b:

      Description

      Grant user jon READ access to the stream but not to the namespace:

      cdap (http://<>:11015/namespace:default)> list privileges for user jon
      +=============================+
      | Entity             | Action |
      +=============================+
      | stream:ns1.stream1 | READ   |
      +=============================+
      
      cdap (http://<>:11015/namespace:default)> 
      

      GET fails on the stream:

      MacBook-Pro:~ Deepak$ curl -X GET http://<>:11015/v3/namespaces/ns1/streams/stream1/events -H "Authorization: Bearer <>" -v
      Note: Unnecessary use of -X or --request, GET is already inferred.
      
      > GET /v3/namespaces/ns1/streams/stream1/events HTTP/1.1
      > Host: <>
      > User-Agent: curl/7.49.1
      > Accept: */*
      > Authorization: Bearer <>
      > 
      < HTTP/1.1 500 Internal Server Error
      < Content-Type: text/plain; charset=utf-8
      < Content-Length: 146
      < Connection: keep-alive
      < 
      * Connection #0 to host <> left intact
      Cannot get namespace namespace:ns1. Reason: Principal 'Principal{name='jon', type=USER}' does not have privileges to access entity 'namespace:ns1'
      

        Attachments

          Activity

            People

            • Assignee:
              John John Jackson
              Reporter:
              deepak Deepak Wadhwani
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: