Andrew Onischuk created AMBARI-17292:
----------------------------------------
Summary: Operations during upgrade are permitted by all roles
Key: AMBARI-17292
URL: https://issues.apache.org/jira/browse/AMBARI-17292
Project: Ambari
Issue Type: Bug
Reporter: Andrew Onischuk
Assignee: Andrew Onischuk
Fix For: 2.4.0
Attachments: AMBARI-17292.patch
ambari-server --hash
9a2943ba77371f1c20b4f3da900abb7c2e89d22b
Build# ambari-server-2.4.0.0-591.x86_64
**Steps**
1. Create user with different roles like Cluster user, Service Administrator
etc.
2. Login as Ambari admin user and start Express Upgrade (register version,
install packages and start EU)
3. Pause the Upgrade at any step that requires manual intervention (like stop
YARN queue or backup DB or even at Finalize step)
4. Logout and login as cluster user
**Result**:
The logged in user has complete access to Upgrade Wizard and can resume
upgrade
Also do actions like Downgrade, 'Ignore and Proceed', 'Retry'
The same is true for other roles like service administrator too, both during
upgrade and downgrade
**Expected Result:** Only Ambari Admin and Cluster Admin should be permitted to
perform actions during cluster upgrade
Screenshots attached for reference while logged in as cluster user role
(cluser)
Another observation: While upgrade is in progress, login in a different
session as cluster user - the cluster user can view the upgrade wizard in
exact same way as admin
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
