[ https://issues.apache.org/jira/browse/AMBARI-24562?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Levas updated AMBARI-24562: ---------------------------------- Resolution: Fixed Status: Resolved (was: Patch Available) > Protect the ClusterConfig resource so that only authorized users may have > read-only access the data > --------------------------------------------------------------------------------------------------- > > Key: AMBARI-24562 > URL: https://issues.apache.org/jira/browse/AMBARI-24562 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.4.0 > Reporter: Robert Levas > Assignee: Robert Levas > Priority: Major > Labels: pull-request-available, rbac > Fix For: 2.7.2 > > Time Spent: 50m > Remaining Estimate: 0h > > Protect the ClientConfig resource so that only authorized users may have > read-only access the data. > Users with the following permission should have read-only access: > * {{CLUSTER.VIEW_CONFIGS}} > * {{SERVICE.VIEW_CONFIGS}} > * {{HOST.VIEW_CONFIGS}} > These permissions should be allow for the following roles: > * {{AMBARI.ADMINISTRATOR}} > * {{CLUSTER.ADMINISTRATOR}} > * {{CLUSTER.OPERATOR}} > * {{SERVICE.ADMINISTRATOR}} > * {{SERVICE.OPERATOR}} > * {{CLUSTER.USER}} > Users with no role related to the cluster may not view the data. -- This message was sent by Atlassian JIRA (v7.6.3#76005)