[
https://issues.apache.org/jira/browse/RANGER-630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14724788#comment-14724788
]
Gautam Borad commented on RANGER-630:
-------------------------------------
Attached patch proposes the following solution:
# Use Spring annotations for controlling access on the REST APIs
# The annotations will check for permissions provided from the permission model
on UI
# Depending on whether the user has access to that module the call will either
be allowed or denied.
This way we have an additional check on REST API which makes UI and REST APIs
access control consistent.
> Data consistency across API and UI
> ----------------------------------
>
> Key: RANGER-630
> URL: https://issues.apache.org/jira/browse/RANGER-630
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 0.5.1
> Reporter: Gautam Borad
> Assignee: Gautam Borad
> Fix For: 0.5.1
>
> Attachments: RANGER-630.patch
>
>
> Ranger 0.5.0 allows role based access control for UI modules. However this
> design did not cover the REST APIs. This JIRA will track the changes required
> to make APIs also honor the permission assigned to users.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
