admin

Oleg Nechiporenko (JIRA) Thu, 06 Nov 2014 05:10:50 -0800

     [ 
https://issues.apache.org/jira/browse/AMBARI-8181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Oleg Nechiporenko updated AMBARI-8181:
--------------------------------------
    Attachment: AMBARI-8181.patch
                AMBARI-8181_branch-1.7.0.patch

> Non-cluster operator can access "Admin" tab content by going to /#/main/admin
> -----------------------------------------------------------------------------
>
>                 Key: AMBARI-8181
>                 URL: https://issues.apache.org/jira/browse/AMBARI-8181
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-web
>    Affects Versions: 1.7.0
>            Reporter: Oleg Nechiporenko
>            Assignee: Oleg Nechiporenko
>             Fix For: 1.7.0
>
>         Attachments: AMBARI-8181.patch, AMBARI-8181_branch-1.7.0.patch
>
>
> Log in as a user with "cluster use" but no "cluster operate" privilege.
> In the browser, type /#/main/admin.
> The user can access the content of Admin tab and is able to partially run 
> Security Wizard (though the user cannot cause damage).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (AMBARI-8181) Non-cluster operator can access "Admin" tab content by going to /#/main/admin

Reply via email to