https://datahubproject.io logo
Join Slack
Powered by
Hello. I'm encountering a permission denied proble...
# troubleshoot
w
Hello. I'm encountering a permission denied problem after enabling rest api authorization (and authentication). We are on version 
v0.10.1
I'm using the python-sdk and talking to the gms via the frontend-proxy. I'm authenticating via the frontends 
/logIn
endpoint setting the 
Cookie
header on my 
DataHubGraphConfig
before making further api calls. An example api call I'm making is 
client.get_aspect(entity_urn=entity_urn, aspect_type=DatasetProperties)
I have a policy that says all users have all privileges. When I run the get_aspect call, I get a 401 - Unauthorized on the client side and a "User is unauthorized to get aspect for ..." on the gms side. This flow worked before I enabled the auth+auth feature. However, if I log in to the UI via the same user, I have no problem viewing the dataset page for my example entity. I'm not sure where to look for the problem here. I'll be grateful if someone could give me a pointer or two.
1
Interestingly enough, ingestion using the same method seems to work (I've subclassed the "datahub-rest" sink to do the the login stuff in the same way as above). Ingestion calls a different endpoint than my query that fails though (
/entities
vs 
/aspects
), and its a POST instead of GET request as well. Not sure if this is a hint of something.
I'm seeing this privilege in the code 
GET_ENTITY_PRIVILEGE
which protects the 
/aspects
endpoint but it seems it's not possible to create a policy that includes this privilege via the GUI. Next attempt, try to provision such a policy at deployment instead.
Worked. Case closed. Nothing to see here.
m
You may want to use personal access token so you dont have to deal with cookies and login endpoint
w
Yea I know, but my org likes forcing use-cases to log in every time since it doesn't like solutions with long-lived tokens and thus the one hour session cookies were chosen.
Open in Slack
PreviousNext
Powered by