Six Stars

Bug in TAC project authorization

The issue we are having is that even though a user does not have access to the project, TAC still downloads the content of the project from Bitbucket onto the user's system. We are using Talend enterprise version 6.4.1 with TAC. Here is the setup we have:

Projects:

We are using one Bitbucket repository that contains multiple projects and controlling individual project access through TAC.

Project Authorization:

  • UserA has access to ClientA
  • UserB has access to ClientB
  • UserC has access to ClientC

The TAC admin created a separate Dev branch from the Master branch per project for developers to work on, using the Branch management feature of TAC.

 git branch structure.png

Now when UserC uses Talend Studio to connect, UserC is only able to see the project that they have access to, that is the ClientC project; however, it seems like Talend is downloading all other projects onto the user's local file system.

UserC was able to export job files into Talend Studio for ClientA & ClientB from their filesystem. This is a very critical bug that allows a user to access project files that they are not supposed to have access to.

Has anyone come across this issue? How did you tackle it, other than by creating a separate repo per project per user? With this limitation, TAC project authorization doesn't make sense.

Thanks,

Nimesh

5 REPLIES
Employee

Re: Bug in TAC project authorization

Hi

Please report this through our support. They will get R&D to verify if it is a bug or not. Generally, the best practice is to have 1 project per Git repository, or a couple of projects per Git repository if they are linked together through Project References.

Since your code is for different clients, the best is to separate them by Git repositories. When a branch or tag is applied in Git (through Talend), it will apply to all projects in that Git repository, i.e. your tag or branch will apply even to projects you do not want. I have seen this behaviour in Git. Maybe that's why other projects from the same Git repository are downloaded together even if they are not opened.

Six Stars

Re: Bug in TAC project authorization

Thanks for your response,

Could you please have a look at my question below and respond to that as well?

https://community.talend.com/t5/Administering-and-Monitoring/Create-Dev-Branch-using-Branch-white-li...

That is somehow linked with this issue, and a resolution on that could help fix this issue.

Thanks,

Nimesh

Six Stars

Re: Bug in TAC project authorization

Thanks, we have reported this as a bug to support.

Employee

Re: Bug in TAC project authorization

@nmodi please share the Jira ID you have reported it as.

As for the issue itself: we will not be able to fix it as such if you indeed have the same Git repository hosting different Talend projects: all developers, no matter the Talend project authorization, will have file-level access. See e.g. this Stack Overflow post: https://stackoverflow.com/questions/13248246/git-branch-permissions.

Thus we highly recommend following @iburtally's best practice.

Thomas Steinborn
Sr. Director Product Management
Six Stars

Re: Bug in TAC project authorization

Thanks @tsteinborn for your response. We have reported this to support and are awaiting their response. We have not yet submitted it in Jira.

In that case, TAC project authorization does not make sense if we are using the same repository for multiple Talend projects, hence this bug.

That is when we tried using the whitelist feature as well; however, we are having an issue with that feature too, reported as a separate issue in the community.

Yes, for now we are using branch-specific permissions to control access at the Git level.

Thanks,
Nimesh
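The file-level exposure discussed in this thread can be checked on a developer's checkout. The script below is an added example, not part of the original posts and not Talend code; it assumes each Talend project is a top-level directory of the checkout containing a `talend.project` file, and the function names and sample layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Talend code: report Talend projects present on disk
# that the user is not authorized for in TAC.
# Assumption: a project is a top-level directory of the checkout that
# contains a "talend.project" file.

# list_projects CHECKOUT_DIR -> one project directory name per line
list_projects() {
    checkout=$1
    for marker in "$checkout"/*/talend.project; do
        [ -f "$marker" ] || continue   # glob matched nothing
        basename "$(dirname "$marker")"
    done
}

# exposed_projects CHECKOUT_DIR ALLOWED_PROJECT...
# Prints projects on disk that are not in the allowed list.
# Returns 1 when at least one such project exists, 0 otherwise.
exposed_projects() {
    checkout=$1
    shift
    exposed=$(
        list_projects "$checkout" | while IFS= read -r project; do
            authorized=no
            for allowed in "$@"; do
                [ "$project" = "$allowed" ] && authorized=yes
            done
            [ "$authorized" = yes ] || printf '%s\n' "$project"
        done
    )
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed"
    return 1
}

# Constructed sample: one repository checkout holding three client projects,
# audited for UserC, who is authorized for ClientC only.
sample=$(mktemp -d)
for p in ClientA ClientB ClientC; do
    mkdir -p "$sample/$p"
    : > "$sample/$p/talend.project"
done
exposed_projects "$sample" ClientC ||
    echo "UserC's checkout contains projects outside their TAC authorization"
rm -rf "$sample"
```

With one project per repository, as recommended in the replies above, the same check returns 0 because the checkout holds only the authorized project.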