[ https://issues.apache.org/jira/browse/FINERACT-2027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Santa updated FINERACT-2027:
----------------------------------
Labels: BeanSalad (was: )
> Permission evaluation for jobs
> ------------------------------
>
> Key: FINERACT-2027
> URL: https://issues.apache.org/jira/browse/FINERACT-2027
> Project: Apache Fineract
> Issue Type: Improvement
> Components: Job Scheduler
> Affects Versions: 1.8.4
> Reporter: Peter Santa
> Priority: Major
> Labels: BeanSalad
> Fix For: 1.9.0
>
>
> h1. Background
> Currently, when a job gets triggered via API, the permission of the
> authenticated user is evaluated, whether it has permission to run jobs,
> generally. If yes, the initiator user gets replaced by System user in the
> context, and the job’s actions get triggered using that context. There is no
> further permission checking while running jobs, e.g. for the specific job or
> a step of the job.
> Whenever any permission checking gets introduced, during running the job,
> performing actions will not be permitted, because by default the used System
> user does not have any permission - this could break currently running, live
> systems.
> h1. Goal
> Have the permissions evaluated based on the authenticated user and the
> action, when triggering a job via API. Have job-specific permission.
> h1. Analysis
> * To be evaluated: whether it worked like this earlier, or got broken when
> implementing features recently.