Re: Bug in TAC project authorization - Qlik Community

nmodi · ‎2017-08-04

Issue we are having is even though a user does not have access to the project, TAC still downloads the content of the project from bit bucket onto user's system. We are using Talend enterprise version 6.4.1 with TAC & Here is the setup we have:

Projects:

ClientA : https://bitbucket.org/testcompany/talend
ClientB : https://bitbucket.org/testcompany/talend
ClientC : https://bitbucket.org/testcompany/talend

We are using one bitbucket repository that contain multiple projects & controlling individual project access through TAC

Project Authorization:

UserA has access to ClientA
UserB has access to ClientB
UserC has access to ClientC

TAC admin created separate Dev Branch from Master Branch for developers per project to work on using Branch management feature from TAC

Now when UserC use Talend studio to connect, UserC is only able to see project that they have access to that is ClientC project however seems like talend is downloading all other projects onto users local file system.

UserC was able to export job files into Talend studio for ClientA & ClientB from their filesystem. This is very critical bug that allows user to access the project files that they are not supposed to have access to.

Any one came across this issue? how did you tackle this issue except creating separate repo per project per user as with this limitation, TAC project authorization doesnt make sense.

Thanks,

Nimesh

Anonymous · ‎2017-08-06

Hi

Please report this through our support. They will get R&D to verify if it is a bug or not. Generally, the best practice is to have 1 project per Git repository. Or a couple of projects per Git Repository if they are linked together through Project References.

Since your code is for different clients, the best is to separate them by Git repositories. When a branch or tag is applied in Git (through Talend), it will apply to all projects in that Git repository, i.e. your tag or branch will apply to even projects you do not want. I have seen this behaviour in git. Maybe that's why other projects from the same git repository is downloaded together even if it is not opened.

nmodi · ‎2017-08-07

Thanks for your response,

Could you please have look at my question below & respond to that as well?

https://community.talend.com/t5/Administering-and-Monitoring/Create-Dev-Branch-using-Branch-white-li...

that is somehow linked with this issue & resolution on that could help fix for this issue.

Thanks,

Nimesh

nmodi · ‎2017-08-09

Thanks, we have reported this as bug to support.

Anonymous · ‎2017-08-10

@Moe please share the jira id you have reported it as.

As for the issue itself: we will not be able to fix it as such if you indeed have the same git repository hosting different Talend projects all developers not matter the Talend project authorization will have file level access. See e.g. this stackoverflow post: https://stackoverflow.com/questions/13248246/git-branch-permissions.

Thus we highly recommend to follow @iburtally best practice.

nmodi · ‎2017-08-10

Thanks @tsteinborn for your response, we have reported this to support & awaiting their response. not yet submitted it jira.

in that case, TAC project authorization does not make sense if we are using same repository for multiple talend project hence this bug.

and that is when we tried using whitelist feature as well however we are having issue with that feature as well, reported as separate issue in community.

Yes, for now we are using Branch specific permission to control access at git level.

Thanks,
Nimesh

Bug in TAC project authorization

Administering and Monitoring

Administration

Studio

v6.x