[ https://issues.apache.org/jira/browse/FLINK-10497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17328546#comment-17328546 ]
Flink Jira Bot commented on FLINK-10497:
----------------------------------------
This major issue is unassigned and itself and all of its Sub-Tasks have not
been updated for 30 days. So, it has been labeled "stale-major". If this ticket
is indeed "major", please either assign yourself or give an update. Afterwards,
please remove the label. In 7 days the issue will be deprioritized.
> More fine grained control over access to REST endpoints
> -------------------------------------------------------
>
> Key: FLINK-10497
> URL: https://issues.apache.org/jira/browse/FLINK-10497
> Project: Flink
> Issue Type: Improvement
> Components: Runtime / REST
> Affects Versions: 1.7.0
> Reporter: Till Rohrmann
> Priority: Major
> Labels: stale-major
>
> At the moment, the REST endpoint can be secured by configuring mutual
> authentication. This, however, defines the access for all available REST
> calls (reads as well as writes). In some situations, it is desired that only
> the write calls are access-restricted whereas the read accesses are
> permitted (e.g. no job submission but the web UI can display the cluster
> state).
> A solution could be to specify ACLs for the different REST calls. This would
> allow disabling state-changing operations like cancelling a job from the web
> UI, for example. Moreover, it could allow specifying different rights for
> different users.
> An alternative could be to separate the REST calls relevant for the web UI
> (read operations) from the cluster state changing REST calls. By allowing
> different security configurations (e.g. endpoint with read operations is not
> secured whereas the endpoint with write operations is secured) one could
> effectively achieve the same.