falcon-dev mailing list archives

From "Venkatesh Seetharam (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-464) Enforce Authorization for REST API
Date Fri, 08 Aug 2014 15:39:12 GMT

    [ https://issues.apache.org/jira/browse/FALCON-464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14090877#comment-14090877 ]

Venkatesh Seetharam commented on FALCON-464:
--------------------------------------------

bq. Should we skip this for GET APIs? Since there is no read/write control as such, we should
at least allow everyone to view the instance/entity status
Not sure if that makes sense. Let's take the use case for a monitoring tool - we would want
to provide lifecycle management functions like kill, rerun, suspend, resume, etc. along with
each entity or its instance.

Also, why would someone be interested in some other pipeline? Makes sense?

> Enforce Authorization for REST API
> ----------------------------------
>
>                 Key: FALCON-464
>                 URL: https://issues.apache.org/jira/browse/FALCON-464
>             Project: Falcon
>          Issue Type: Sub-task
>          Components: process
>    Affects Versions: 0.6
>            Reporter: Venkatesh Seetharam
>            Assignee: Venkatesh Seetharam
>              Labels: authorization, security
>             Fix For: 0.6
>
>         Attachments: FALCON-464-review.patch, FALCON-464.patch
>
>
> Only owner of entities can execute CRUD but no one else.
> Cluster and Feed entities are world-readable by default. Process entity can only be read by the owner and group.
> Input feeds must be readable and output feeds be writable by the process owner?



--
This message was sent by Atlassian JIRA
(v6.2#6252)
