Gautam Borad created RANGER-480:
-----------------------------------
Summary: Need access control on REST API based on permission model
Key: RANGER-480
URL: https://issues.apache.org/jira/browse/RANGER-480
Project: Ranger
Issue Type: Task
Components: admin
Affects Versions: 0.5.0
Reporter: Gautam Borad
Assignee: Gautam Borad
Fix For: 0.5.0
*Need to put access control on REST API*
If a non-admin user has no permission to a particular module say "Audit" but
the group to which he belongs has permission that module, then give access to
that non-admin user. User permissions is a union of his and his group
permissions.
*Use-cases to be covered:*
Get AuditLogs (user-with-no-permission) GET service/assets/accessAudit
Update user permission (non-admin) POST service/xusers/permission/user
Update group permission (non-admin) POST service/xusers/permission/group
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
