[
https://issues.apache.org/jira/browse/AMBARI-11628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14569739#comment-14569739
]
Srimanth Gunturi commented on AMBARI-11628:
-------------------------------------------
We do not allow non-admins to do POST calls.... which causes problem here as
calls to {{/api/v1/stacks/HDP/versions/2.3/recommendations}} and
{{/api/v1/stacks/HDP/versions/2.3/validations}} are POST calls,
The fix is to allow authenticated non-admins to do POST calls only to the above
2 endpoints.
This should be OK as the resources are not actually persisted.
It turns out that in AMBARI-7329 already allowed POST calls for non-operators
to /validations endpoint.
So this JIRA is just adding /recommendations also.
> Ambari operator (non-admin) is not able to view service configs
> ---------------------------------------------------------------
>
> Key: AMBARI-11628
> URL: https://issues.apache.org/jira/browse/AMBARI-11628
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.1.0
> Reporter: Srimanth Gunturi
> Assignee: Srimanth Gunturi
> Fix For: 2.1.0
>
>
> Login to Ambari as an operator only (non-admin) and going to any service
> configs results in a 403 Forbidden response and an automatic logout of the
> user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
