Program Cannot be Executed without access to the Namespace

I have updated the authorization policy document to reflect this.

After some detailed discussion we have decided to revisit this and fix it in 4.1 once we will finalize an authorization privilege model.
As of now and in 4.0 to run a program a user should have the following permission or its equivalent on the parent to leverage the hierarchical model:
1. EXECUTE on program or any of its parent
2. Any (READ/WRITE/EXECUTE/ADMIN) Privilege on the Namespace in which program is deployed
3. READ privilege on the artifact is associated with program

After fixing the permission requirement for namespace to run a program we also encountered that to run a program the user privilege on the artifacts.

The above issue is caused because to start a program we do look up for its properties for example schedule queue name. This requires looking up NamespaceMeta of the namespace in which the program reside which is guarded with authorization too. We talked to and discussed that we need to revisit where we do authorization checks across CDAP.

For 4.0 we to have minimal change at this point we have decided to move the auth check in NamespaceAdmin.get() to the Handler.

I don't think giving READ on the namespace is an acceptable workaround. Giving READ on namespace will allow that user to read all datasets, streams in that namespace.