Robert Levas created AMBARI-18433:

             Summary: Enforce granular role-based access control for custom 
                 Key: AMBARI-18433
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.4.0
            Reporter: Robert Levas
            Assignee: Robert Levas
            Priority: Critical
             Fix For: 2.5.0

Enforce granular role-based access control for custom actions.  Such actions 
are specified in 

For example:

    <description>General check for host</description>

The "permissions" element that declare the permissions required to run the 
action.  These permissions must be used to authorize a user to perform the 
operation.  A user needs to have one of the listed permissions in order to be 

The relevant API entry points are:
* {{/api/v1/requests}}
* {{/api/v1/requests/clusters/:CLUSTER_NAME/request}}

Example:  The user executing the following REST API call must be assigned a 
role that has the {{HOST.ADD_DELETE_HOSTS}} authorization for the relevant 

POST /api/v1/requests
  "RequestInfo": {
    "action": "check_host",
    "log_output": "false",
    "context": "Check host",
    "parameters": {
      "jdk_location": "";,
      "threshold": "20"
  "Requests/resource_filters": [
      "hosts": ""

This message was sent by Atlassian JIRA

Reply via email to