[jira] [Commented] (AMBARI-20768) Local Ambari user with no cluster role must not be able to access Logsearch UI

Tue, 18 Apr 2017 07:35:05 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-20768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15972799#comment-15972799
 ] 

Hadoop QA commented on AMBARI-20768:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  
http://issues.apache.org/jira/secure/attachment/12863742/AMBARI-20768_branch-2.5.0.patch
  against trunk revision .

    {color:red}-1 patch{color}.  The patch command could not apply the patch.

Console output: 
https://builds.apache.org/job/Ambari-trunk-test-patch/11409//console

This message is automatically generated.

> Local Ambari user with no cluster role must not be able to access Logsearch UI
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-20768
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20768
>             Project: Ambari
>          Issue Type: Bug
>          Components: logsearch
>    Affects Versions: trunk, 2.5.0
>            Reporter: Keta Patel
>            Assignee: Keta Patel
>         Attachments: all_tests_successful.png, AMBARI-20768_branch-2.5.0.patch
>
>
> A local Ambari user with no cluster roles assigned to it can successfully log 
> into the Logsearch UI.
> Logsearch service exercises restriction on who can access its UI using a 
> property "logsearch.roles.allowed". This property is a comma-separated list 
> of roles to be allowed access to Logsearch UI. This defect deals with the 
> following 2 issues:
> 1. If Logsearch service requires that only certain roles be allowed to access 
> its UI, then a local Ambari user with no roles must not be allowed to access 
> the UI.
> 2. If some user with privilege to edit the config properties, updates 
> "logsearch.roles.allowed" by removing the "AMBARI.ADMINISTRATOR" role from 
> its list, then the Ambari Admins will not be able to access the Logsearch UI. 
> This violates the Ambari Administrator privilege which must be able to access 
> all frames of Ambari UI as well as perform all UI operations.
> DESIRED BEHAVIOR:
> =================
> 1. A local user with no role assigned to it, must not be able to access 
> Logsearch UI.
> 2. Ambari Administrators must be always be allowed to access the Logsearch 
> UI. No user is allowed to revoke this access right of Ambari Administrator 
> for the Logsearch UI.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to