ambari-issues mailing list archives

From "Keta Patel (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-20768) Local Ambari user with no cluster role must not be able to access Logsearch UI
Date Thu, 20 Apr 2017 05:27:04 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-20768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Keta Patel updated AMBARI-20768:
--------------------------------
    Status: Open  (was: Patch Available)

> Local Ambari user with no cluster role must not be able to access Logsearch UI
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-20768
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20768
>             Project: Ambari
>          Issue Type: Bug
>          Components: logsearch
>    Affects Versions: trunk, 2.5.0
>            Reporter: Keta Patel
>            Assignee: Keta Patel
>         Attachments: all_tests_successful.png, AMBARI-20768_branch-2.5.0.patch
>
>
> A local Ambari user with no cluster roles assigned to it can successfully log into the Logsearch UI.
> Logsearch service exercises restriction on who can access its UI using a property "logsearch.roles.allowed". This property is a comma-separated list of roles to be allowed access to Logsearch UI. This defect deals with the following 2 issues:
> 1. If Logsearch service requires that only certain roles be allowed to access its UI, then a local Ambari user with no roles must not be allowed to access the UI.
> 2. If some user with privilege to edit the config properties updates "logsearch.roles.allowed" by removing the "AMBARI.ADMINISTRATOR" role from its list, then the Ambari Admins will not be able to access the Logsearch UI. This violates the Ambari Administrator privilege, which must be able to access all frames of Ambari UI as well as perform all UI operations.
> DESIRED BEHAVIOR:
> =================
> 1. A local user with no role assigned to it must not be able to access Logsearch UI.
> 2. Ambari Administrators must always be allowed to access the Logsearch UI. No user is allowed to revoke this access right of Ambari Administrator for the Logsearch UI.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
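
The desired behavior above, sketched as an added Java example; it is not the attached patch or Logsearch source. The class and method names are hypothetical and the cluster role names in `main` are constructed sample inputs; only the property name "logsearch.roles.allowed" and the role "AMBARI.ADMINISTRATOR" come from the issue text.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

// Hypothetical helper (not Logsearch code): decides UI access from a user's Ambari roles.
public class LogsearchRoleGate {
    // Role name from the issue text; it is always allowed, whatever the config says.
    static final String ADMIN_ROLE = "AMBARI.ADMINISTRATOR";

    private final Set<String> allowed;

    // rawProperty is the value of "logsearch.roles.allowed": comma-separated, may be null or blank.
    public LogsearchRoleGate(String rawProperty) {
        Set<String> parsed = Arrays.stream((rawProperty == null ? "" : rawProperty).split(","))
                .map(String::trim)
                .filter(role -> !role.isEmpty())
                .collect(Collectors.toCollection(HashSet::new));
        parsed.add(ADMIN_ROLE); // desired behavior 2: editing the property cannot revoke admin access
        this.allowed = Set.copyOf(parsed);
    }

    // Fail closed: a user with no roles (null or empty collection) is denied (desired behavior 1).
    public boolean isAllowed(Collection<String> userRoles) {
        if (userRoles == null || userRoles.isEmpty()) {
            return false;
        }
        return userRoles.stream()
                .map(role -> role == null ? "" : role.trim())
                .anyMatch(allowed::contains);
    }

    public static void main(String[] args) {
        // Constructed sample: the property was edited and no longer lists AMBARI.ADMINISTRATOR.
        LogsearchRoleGate gate = new LogsearchRoleGate("CLUSTER.ADMINISTRATOR, CLUSTER.OPERATOR");
        System.out.println("no roles:            " + gate.isAllowed(List.of()));
        System.out.println("ambari admin:        " + gate.isAllowed(List.of(ADMIN_ROLE)));
        System.out.println("listed cluster role: " + gate.isAllowed(List.of("CLUSTER.OPERATOR")));
        System.out.println("unlisted role:       " + gate.isAllowed(List.of("CLUSTER.USER")));
        // A blank property must not turn into "allow everyone"; only the admin role remains.
        System.out.println("blank property:      "
                + new LogsearchRoleGate("  ").isAllowed(List.of("CLUSTER.USER")));
    }
}
```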
