[ https://issues.apache.org/jira/browse/AMBARI-18433?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Levas updated AMBARI-18433: ---------------------------------- Attachment: AMBARI-18433_trunk_02.patch AMBARI-18433_branch-2.5_02.patch > Enforce granular role-based access control for custom actions > ------------------------------------------------------------- > > Key: AMBARI-18433 > URL: https://issues.apache.org/jira/browse/AMBARI-18433 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.4.0 > Reporter: Robert Levas > Assignee: Robert Levas > Priority: Critical > Labels: rbac > Fix For: 2.5.0 > > Attachments: AMBARI-18433_branch-2.5_01.patch, > AMBARI-18433_branch-2.5_02.patch, AMBARI-18433_trunk_01.patch, > AMBARI-18433_trunk_02.patch > > > Enforce granular role-based access control for custom actions. Such actions > are specified in > {{/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml}} > > For example: > {code} > <actionDefinition> > <actionName>check_host</actionName> > <actionType>SYSTEM</actionType> > <inputs/> > <targetService/> > <targetComponent/> > <defaultTimeout>60</defaultTimeout> > <description>General check for host</description> > <targetType>ANY</targetType> > <permissions>HOST.ADD_DELETE_HOSTS</permissions> > </actionDefinition> > {code} > The "permissions" element that declare the permissions required to run the > action. These permissions must be used to authorize a user to perform the > operation. A user needs to have one of the listed permissions in order to be > authorized. > The relevant API entry points are: > * {{/api/v1/requests}} > * {{/api/v1/requests/clusters/:CLUSTER_NAME/request}} > Example: The user executing the following REST API call must be assigned a > role that has the {{HOST.ADD_DELETE_HOSTS}} authorization for the relevant > cluster > {noformat} > POST /api/v1/requests > { > "RequestInfo": { > "action": "check_host", > "log_output": "false", > "context": "Check host", > "parameters": { > "check_execute_list": > "last_agent_env_check,installed_packages,existing_repos,transparentHugePage", > "jdk_location": "http://host1.example.com:8080/resources/", > "threshold": "20" > } > }, > "Requests/resource_filters": [ > { > "hosts": "host1.example.com" > } > ] > } > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)