ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-16246) Allow roles to be treated like principals in Ambari DB
Date Wed, 04 May 2016 12:19:12 GMT
Robert Levas created AMBARI-16246:
-------------------------------------

             Summary: Allow roles to be treated like principals in Ambari DB
                 Key: AMBARI-16246
                 URL: https://issues.apache.org/jira/browse/AMBARI-16246
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.4.0


To support assigning privileges to users based on their roles provide support in the Ambari
database to allow a {{role}} to be referenced as a {{principal}} similar in the way a {{user}}
and a {{group}} a referenced as a {principal}}.

A use-case to support the need for this is to assign access to a view to all users with some
specific role. Currently we can assign access to a view to a specific user or group by assigning
that user or group the {{VIEW.USER}} role applied to the specific view.  To assign access
a view to users who have a specific role, a {{role}} will need to behave like a {{principal}}.

The following changes need to be made to the database:

* Add {{principal_id}} column to the {{adminpermission}} table
* Create a {{principaltype}} record where the {{principal_type_name}} is '{{ROLE}}'
* Add records to the {{adminprincpal}} table to represent each role in {{adminpermission}}
* Update {{adminpermission.principal_id}} to match the relevant records from {{adminprincipal}}

After this is complete, {{adminprivilege}} records can be created using roles as principals.


NOTE: special handling will need to be done in the authorization logic to dereference the
role associations with the authenticated user, similar in the way this is done for groups.






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message