Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No Authorizations for some APIs #16503

Closed
HesamoddinMonfared opened this issue Jun 1, 2024 · 1 comment · Fixed by #16549
Closed

No Authorizations for some APIs #16503

HesamoddinMonfared opened this issue Jun 1, 2024 · 1 comment · Fixed by #16549
Assignees
@mohityadav766

Comments

@HesamoddinMonfared
Copy link

I use Openmetadata version 1.2.0. But I saw this problem on latest version also.

Some APIs do not use 'authorize' methods. for example for 'userResource.java' there is an API for 'create user', that directly call repository layer and bypass authorization. So every user can use this API, and create a user.
@harshach
Copy link
Collaborator

harshach commented Jun 5, 2024

All of our APIs are protected . UserResource createUser is only possible if you enable self-signup is enabled.
For SSO you'll need to be authenticated with you SSO before reaching this endpoint

@mohityadav766 mohityadav766 self-assigned this Jun 5, 2024
@mohityadav766 mohityadav766 mentioned this issue Jun 6, 2024
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mohityadav766 mohityadav766

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[ISSUE-16503] Fix createUser to use EntityResource open-metadata/OpenMetadata
3 participants
@harshach @HesamoddinMonfared @mohityadav766