atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sharmadha Sainath (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ATLAS-2009) Any non-admin user in users-credentials.properties is able to access /api/atlas/admin path
Date Mon, 31 Jul 2017 08:58:00 GMT
Sharmadha Sainath created ATLAS-2009:
----------------------------------------

             Summary: Any non-admin user in users-credentials.properties is able to access
/api/atlas/admin path
                 Key: ATLAS-2009
                 URL: https://issues.apache.org/jira/browse/ATLAS-2009
             Project: Atlas
          Issue Type: Bug
          Components:  atlas-core
            Reporter: Sharmadha Sainath
            Priority: Critical


Any non-admin user (ex: rangertagsync) specified in conf/users-credentials.properties is able
to access the /api/atlas/admin path. Is this expected ?
One of the use cases is Export and Import API's ,which should be permitted only by admin user
to be executed. But any user is able to execute it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message