ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andriy Babiichuk" <ababiic...@hortonworks.com>
Subject Re: Review Request 27678: Non-cluster operator can access "Admin" tab content by going to /#/main/admin
Date Thu, 06 Nov 2014 13:12:00 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27678/#review60157
-----------------------------------------------------------

Ship it!


Ship It!

- Andriy Babiichuk


On Ноя. 6, 2014, 1:11 п.п., Oleg Nechiporenko wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/27678/
> -----------------------------------------------------------
> 
> (Updated Ноя. 6, 2014, 1:11 п.п.)
> 
> 
> Review request for Ambari, Andriy Babiichuk and Andrii Tkach.
> 
> 
> Bugs: ambari-8181
>     https://issues.apache.org/jira/browse/ambari-8181
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Log in as a user with "cluster use" but no "cluster operate" privilege.
> In the browser, type /#/main/admin.
> The user can access the content of Admin tab and is able to partially run Security Wizard
(though the user cannot cause damage).
> 
> 
> Diffs
> -----
> 
>   ambari-web/app/routes/main.js a3f7da8 
> 
> Diff: https://reviews.apache.org/r/27678/diff/
> 
> 
> Testing
> -------
> 
> tested manually
> 
> 
> Thanks,
> 
> Oleg Nechiporenko
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message