[
https://issues.apache.org/jira/browse/AMBARI-20768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keta Patel updated AMBARI-20768:
--------------------------------
Description:
A local Ambari user with no cluster roles assigned to it can successfully log
into the Logsearch UI.
Logsearch service exercises restriction on who can access its UI using a
property "logsearch.roles.allowed". This property is a comma-separated list of
roles to be allowed access to Logsearch UI. This defect deals with the
following issue:
1. If Logsearch service requires that only certain roles be allowed to access
its UI, then a local Ambari user with no roles must not be allowed to access
the UI.
DESIRED BEHAVIOR:
=================
1. A local user with no role assigned to it must not be able to access
Logsearch UI.
Note: The description has been updated by removing the aspect of correcting the
behavior for Ambari Administrator role for the Logsearch UI.
was:
A local Ambari user with no cluster roles assigned to it can successfully log
into the Logsearch UI.
Logsearch service exercises restriction on who can access its UI using a
property "logsearch.roles.allowed". This property is a comma-separated list of
roles to be allowed access to Logsearch UI. This defect deals with the
following 2 issues:
1. If Logsearch service requires that only certain roles be allowed to access
its UI, then a local Ambari user with no roles must not be allowed to access
the UI.
2. If some user with privilege to edit the config properties updates
"logsearch.roles.allowed" by removing the "AMBARI.ADMINISTRATOR" role from its
list, then the Ambari Admins will not be able to access the Logsearch UI. This
violates the Ambari Administrator privilege which must be able to access all
frames of Ambari UI as well as perform all UI operations.
DESIRED BEHAVIOR:
=================
1. A local user with no role assigned to it must not be able to access
Logsearch UI.
2. Ambari Administrators must always be allowed to access the Logsearch UI.
No user is allowed to revoke this access right of Ambari Administrator for the
Logsearch UI.
> Local Ambari user with no cluster role must not be able to access Logsearch UI
> ------------------------------------------------------------------------------
>
> Key: AMBARI-20768
> URL: https://issues.apache.org/jira/browse/AMBARI-20768
> Project: Ambari
> Issue Type: Bug
> Components: logsearch
> Affects Versions: trunk, 2.5.0
> Reporter: Keta Patel
> Assignee: Keta Patel
> Attachments: all_tests_successful.png,
> AMBARI-20768_branch-2.5.0.patch, AMBARI-20768_branch-2.5_updated.patch
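The desired behavior in the report, as an added example that is not part of the original message and is not Ambari or Logsearch code: a fail-closed check against a comma-separated allow-list such as "logsearch.roles.allowed", shown beside a hypothetical fail-open variant that lets a user with no roles through. The function names, the sample property value, the role names other than AMBARI.ADMINISTRATOR, and the user names are constructed for illustration, and exact, case-sensitive role matching is an assumption.

```python
# Added example: fail-closed evaluation of a comma-separated role allow-list.
# All names and sample values are assumptions, not Ambari/Logsearch code.

def parse_allowed_roles(prop_value):
    """Split a "logsearch.roles.allowed"-style value into a set of role names,
    ignoring surrounding whitespace and empty entries."""
    if not prop_value:
        return frozenset()
    return frozenset(r.strip() for r in prop_value.split(",") if r.strip())


def is_access_allowed(user_roles, allowed_roles):
    """Grant access only if the user holds at least one allowed role.
    No roles at all, or an empty allow-list, means deny (fail closed)."""
    held = {r.strip() for r in (user_roles or []) if r and r.strip()}
    if not held or not allowed_roles:
        return False
    return not held.isdisjoint(allowed_roles)


def is_access_allowed_fail_open(user_roles, allowed_roles):
    """Hypothetical flawed variant: it only rejects roles that are present
    but not allowed, so a user with zero roles is never rejected."""
    for role in user_roles or []:
        if role.strip() not in allowed_roles:
            return False
    return True


def evaluate(users, allowed, check):
    """Apply one check function to every sample user."""
    return {name: check(roles, allowed) for name, roles in users.items()}


# Constructed sample data (trailing commas and stray spaces are deliberate).
SAMPLE_PROPERTY = "AMBARI.ADMINISTRATOR, CLUSTER.ADMINISTRATOR ,,"
ALLOWED = parse_allowed_roles(SAMPLE_PROPERTY)
SAMPLE_USERS = {
    "admin": ["AMBARI.ADMINISTRATOR"],
    "viewer": ["CLUSTER.USER"],
    "norole_local": [],  # local user with no cluster role assigned
}

if __name__ == "__main__":
    print("fail-closed:", evaluate(SAMPLE_USERS, ALLOWED, is_access_allowed))
    print("fail-open:  ", evaluate(SAMPLE_USERS, ALLOWED,
                                   is_access_allowed_fail_open))
```
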