ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Nechiporenko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-8181) Non-cluster operator can access "Admin" tab content by going to /#/main/admin
Date Thu, 06 Nov 2014 13:56:33 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-8181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14200178#comment-14200178
] 

Oleg Nechiporenko commented on AMBARI-8181:
-------------------------------------------

Tested manually.

> Non-cluster operator can access "Admin" tab content by going to /#/main/admin
> -----------------------------------------------------------------------------
>
>                 Key: AMBARI-8181
>                 URL: https://issues.apache.org/jira/browse/AMBARI-8181
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-web
>    Affects Versions: 1.7.0
>            Reporter: Oleg Nechiporenko
>            Assignee: Oleg Nechiporenko
>             Fix For: 1.7.0
>
>         Attachments: AMBARI-8181.patch, AMBARI-8181_branch-1.7.0.patch
>
>
> Log in as a user with "cluster use" but no "cluster operate" privilege.
> In the browser, type /#/main/admin.
> The user can access the content of Admin tab and is able to partially run Security Wizard
(though the user cannot cause damage).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message