[ https://issues.apache.org/jira/browse/AMBARI-24562?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jayush Luniya updated AMBARI-24562: ----------------------------------- Fix Version/s: (was: 2.7.2) 2.7.3 > Protect the ClusterConfig resource so that only authorized users may have > read-only access the data > --------------------------------------------------------------------------------------------------- > > Key: AMBARI-24562 > URL: https://issues.apache.org/jira/browse/AMBARI-24562 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.4.0 > Reporter: Robert Levas > Assignee: Robert Levas > Priority: Major > Labels: pull-request-available, rbac > Fix For: 2.7.3 > > Time Spent: 50m > Remaining Estimate: 0h > > Protect the ClientConfig resource so that only authorized users may have > read-only access the data. > Users with the following permission should have read-only access: > * {{CLUSTER.VIEW_CONFIGS}} > * {{SERVICE.VIEW_CONFIGS}} > * {{HOST.VIEW_CONFIGS}} > These permissions should be allow for the following roles: > * {{AMBARI.ADMINISTRATOR}} > * {{CLUSTER.ADMINISTRATOR}} > * {{CLUSTER.OPERATOR}} > * {{SERVICE.ADMINISTRATOR}} > * {{SERVICE.OPERATOR}} > * {{CLUSTER.USER}} > Users with no role related to the cluster may not view the data. > Example REST API entry point: > {noformat} > GET > /api/v1/clusters/cl1/services/HDFS/components/HDFS_CLIENT?format=client_config_tar > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)