[ https://issues.apache.org/jira/browse/STORM-509?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Joseph Evans resolved STORM-509.
---------------------------------------
Resolution: Fixed
Fix Version/s: 0.10.0
Sorry this took so long. I pulled this into the security branch.
> (Security) Make groups checking specific for SimpleACLAuthorizer.
> -----------------------------------------------------------------
>
> Key: STORM-509
> URL: https://issues.apache.org/jira/browse/STORM-509
> Project: Apache Storm
> Issue Type: Bug
> Affects Versions: 0.10.0
> Reporter: Robert Joseph Evans
> Assignee: Sriharsha Chintalapani
> Priority: Critical
> Fix For: 0.10.0
>
>
> SimpleACLAuthorizer has groups support right now, but it only validates that
> the user performing an action and the user running the topology have at least
> one group in common. This is far from ideal, because Unix groups are often
> used to denote OS System permissions and there is typically a users group
> that everyone belongs to. We really should have a separate set of configs
> for the explicit groups that we want to grant permissions to, instead of the
> groups the user is a part of.
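The difference between the shared-group check described in the issue and an explicit group allow-list, as an added example that is not Storm's code. The function, field and group names are hypothetical, and the accounts are constructed sample data.

```python
# Added illustration: models the two authorization rules discussed in STORM-509.
# All names here are hypothetical; none are Storm APIs or Storm config keys.
from dataclasses import dataclass


@dataclass(frozen=True)
class Topology:
    owner: str
    owner_groups: frozenset                   # OS groups of the submitting user
    allowed_users: frozenset = frozenset()    # explicit per-topology user ACL
    allowed_groups: frozenset = frozenset()   # explicit per-topology group ACL


def permit_by_shared_group(caller, caller_groups, topo):
    """Rule the issue describes: any OS group in common with the owner is enough."""
    if caller == topo.owner:
        return True
    return bool(set(caller_groups) & topo.owner_groups)


def permit_by_explicit_acl(caller, caller_groups, topo):
    """Rule the issue asks for: only groups named in configuration grant access."""
    if caller == topo.owner or caller in topo.allowed_users:
        return True
    return bool(set(caller_groups) & topo.allowed_groups)


# Constructed sample data: every account is in the catch-all "users" group.
GROUPS = {
    "alice": {"users", "payments-dev"},
    "bob": {"users", "payments-dev"},
    "carol": {"users", "interns"},
}

TOPO = Topology(
    owner="alice",
    owner_groups=frozenset(GROUPS["alice"]),
    allowed_groups=frozenset({"payments-dev"}),
)


def decisions(check, topo=TOPO):
    """Return {user: allowed?} for every sample account under the given rule."""
    return {user: check(user, groups, topo) for user, groups in GROUPS.items()}


if __name__ == "__main__":
    for check in (permit_by_shared_group, permit_by_explicit_acl):
        print(check.__name__, decisions(check))
```

Under the shared-group rule carol is authorized purely through `users`; under the explicit list she is denied, and a topology with no configured groups is reachable only by its owner.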