https://datahubproject.io logo
Join Slack
Powered by
# authentication-authorization
  • b

    big-book-3239

    05/05/2022, 12:06 PM
    Hi, I loaded the Postman example for the OpenAPI in Postman - when testing I do get the error '401 - Unauthorized'. How to fix this?
  • c

    curved-magazine-23582

    07/20/2022, 1:45 PM
    good morning, how do I enable token based authentication in DataHub? currently that part of UI is disabled. Is there a config to enable that?
  • w

    witty-motorcycle-52108

    09/23/2022, 1:54 PM
    Hey y'all, wondering if anyone has deployed DH behind an authentication proxy before that does the entire auth flow but then provides a signed JWT to DH for Authn/z after the full auth flow has been completed?
  • c

    chilly-potato-57465

    09/28/2022, 8:54 AM
    Hello everyone! I am looking into the authentication and authorization topic and got several questions. So far as I understand, frontend authentication can be performed with OIDC and Azure AD, and in order to do that we need to register DataHub application in the MS Azure portal and then run the Azure AD source plugin. Is this correct? Then, for authorization roles and policies are used which can be assigned to users and groups. It is still not possible to assign DataHub roles based on Azure roles (https://datahubproject.io/docs/authorization/roles#whats-coming-next) but is it possible to assign roles/policies to Azure groups? That is not clear from the docs.
  • w

    worried-flower-88750

    11/10/2022, 9:10 PM
    X-posting, fingers crossed someone here has any thoughts, https://datahubspace.slack.com/archives/C029A3M079U/p1668099985693689
  • w

    witty-butcher-82399

    12/12/2022, 5:21 PM
    Hi! A couple of questions about authorization: I would like to define a policy such as: allow some users/groups to edit description for the datasets in a given data platform instance. This is somehow similar to this one: https://datahubproject.io/docs/authorization/policies#coming-soon
    • Ability to define Metadata Policies against multiple reosurces scoped to particular “Containers” (e.g. A “schema”, “database”, or “collection”)
    Just going higher in the hierarchy up to the platform instance level. In the current status, I was thinking on solving this with
    resource_urn
    criteria https://datahubproject.io/docs/authorization/policies#resources Does that criteria support other operators different from
    EQUALS
    such as starts with, contains or even regexp? Definitely in the UI this is not possible, is it possible via policy as code? Second question is about applying to owners.
    Whether this policy should be apply to owners of the Metadata asset. If true, those who are marked as owners of a Metadata Asset, either directly or indirectly via a Group, will have the selected privileges.
    Can this be restricted to some ownership in particular?
    • 1
    • 2
  • d

    dazzling-microphone-98929

    02/23/2023, 12:59 PM
    Hello team, somebody could help me?
    Copy code
    PipelineInitError: Failed to configure the source (powerbi): Powerbi authorization failed . Please check your input configuration.
    w
    • 2
    • 1
  • r

    rich-daybreak-77194

    03/18/2023, 3:23 AM
    I have a some question for user and group authenticatetion I user a SSO with google login but i want to know 1.Can we scope some user for login such as my org have 5 people (a,b,c,d,e) but i want a and b to login c,d,e shouldn’t use datahub 2.Can we auto set group to a,b with a reader at first time login (Group not role)
  • w

    wonderful-tomato-83083

    06/21/2023, 3:50 PM
    Is there a way to get a session token from frontend auth? Ie, use a user/pw to obtain a token that I can use to query the graphql api? (unless I'm misunderstanding, I cannot use user/pass or cookies on graphql).
    c
    • 2
    • 1
  • w

    wonderful-tomato-83083

    06/21/2023, 3:50 PM
    (or generate a user token)
  • l

    limited-dentist-50437

    09/14/2023, 11:21 AM
    Hello everyone! Is there a way to generate the Datahub Personal Access Token programmatically?
    w
    • 2
    • 2
  • l

    limited-dentist-50437

    09/18/2023, 7:51 AM
    Hi everyone, Unauthorisation issues with setting up PAT for root datahub super user. Following this guide here: https://github.com/acryldata/datahub-helm/blob/master/README.md I’ve deployed data hub on an eks cluster. My first challenge was to generate a PAT to be used by another downstream process. Following this guide: https://datahubproject.io/docs/api/graphql/token-management#generating-access-tokens (thanks to @witty-butcher-82399 for pointing this out) I tested the example query provided, using data hub’s graphQL explorer and this works fine. However when I attempt this curl equivalent:
    Copy code
    curl -X POST '<http://localhost:9002/api/graphql>' \  
    --header 'X-DataHub-Actor: urn:li:corpuser:datahub' \
    --header 'Content-Type: application/json' \
    --data-raw '{ "query":"mutation { createAccessToken(input: { type: PERSONAL, actorUrn: \"urn:li:corpuser:datahub\", duration: ONE_HOUR, name: \"dt token\" } ) { accessToken metadata { id name description} } }", "variables":{}}'
    The token does not get created. Via postman, and the response is a 401 Unauthorized. Which has me wondering, from the PAT guide it is stated that the User must have the Generate Personal Access Tokens or Manage All Access Tokens. Which is present for the datahub superuser[see screen shot] But I’m still getting the 401 response. My ultimate goal is to have a bash script that runs after the datahub is deployed, which generates the PAT to be used by another downstream process. Is there anything I’m missing here please? Thanks for the help.
    b
    w
    • 3
    • 9
  • b

    bulky-shoe-65107

    10/16/2023, 12:16 AM
    archived the channel