Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 4BCFE200B69 for ; Fri, 5 Aug 2016 19:53:22 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 4A6FD160AAC; Fri, 5 Aug 2016 17:53:22 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 975BB160AAF for ; Fri, 5 Aug 2016 19:53:21 +0200 (CEST) Received: (qmail 26234 invoked by uid 500); 5 Aug 2016 17:53:20 -0000 Mailing-List: contact issues-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ambari.apache.org Delivered-To: mailing list issues@ambari.apache.org Received: (qmail 26204 invoked by uid 99); 5 Aug 2016 17:53:20 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 05 Aug 2016 17:53:20 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 9E32A2C0D65 for ; Fri, 5 Aug 2016 17:53:20 +0000 (UTC) Date: Fri, 5 Aug 2016 17:53:20 +0000 (UTC) From: "Hudson (JIRA)" To: issues@ambari.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (AMBARI-18023) Enforce granular role-based access control for log search functions MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Fri, 05 Aug 2016 17:53:22 -0000 [ https://issues.apache.org/jira/browse/AMBARI-18023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15409797#comment-15409797 ] Hudson commented on AMBARI-18023: --------------------------------- FAILURE: Integrated in Ambari-trunk-Commit #5465 (See [https://builds.apache.org/job/Ambari-trunk-Commit/5465/]) AMBARI-18023. Enforce granular role-based access control for log search (rlevas: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=dc0722265bb7f6438807bafa8c9edbb96ab50559]) * ambari-server/src/main/java/org/apache/ambari/server/api/services/LoggingService.java * ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java * ambari-server/src/test/java/org/apache/ambari/server/api/services/LoggingServiceTest.java * ambari-server/src/test/java/org/apache/ambari/server/controller/logging/LoggingSearchPropertyProviderTest.java * ambari-server/src/main/java/org/apache/ambari/server/controller/logging/LoggingSearchPropertyProvider.java > Enforce granular role-based access control for log search functions > ------------------------------------------------------------------- > > Key: AMBARI-18023 > URL: https://issues.apache.org/jira/browse/AMBARI-18023 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.4.0 > Reporter: Robert Levas > Priority: Critical > Fix For: 2.4.0 > > Attachments: AMBARI-18023_branch-2.4_01.patch, AMBARI-18023_trunk_01.patch > > > Enforce granular role-based access control for log search functions. > Users must have the SERVICE.VIEW_OPERATIONAL_LOGS authorization in order to perform log search functions. > The following REST API entry points are affected: > *{{GET /api/v1/clusters/:CLUSTER_NAME/host_components}}* > * The LogSearch-related data is to be filtered out if the user does not have authorization to view it > *{{GET /api/v1/clusters/:CLUSTER_NAME/logging/searchEngine}}* > * Access is to be denied if the user does does not have authorization to view LogSearch-related data -- This message was sent by Atlassian JIRA (v6.3.4#6332)