Oleg Nechiporenko created AMBARI-8181:
-----------------------------------------
Summary: Non-cluster operator can access "Admin" tab content by
going to /#/main/admin
Key: AMBARI-8181
URL: https://issues.apache.org/jira/browse/AMBARI-8181
Project: Ambari
Issue Type: Bug
Components: ambari-web
Affects Versions: 1.7.0
Reporter: Oleg Nechiporenko
Assignee: Oleg Nechiporenko
Fix For: 1.7.0
Log in as a user with "cluster use" but no "cluster operate" privilege.
In the browser, type /#/main/admin.
The user can access the content of Admin tab and is able to partially run
Security Wizard (though the user cannot cause damage).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
