[
https://issues.apache.org/jira/browse/FLINK-10497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Flink Jira Bot updated FLINK-10497:
-----------------------------------
Labels: auto-deprioritized-major auto-deprioritized-minor (was:
auto-deprioritized-major stale-minor)
Priority: Not a Priority (was: Minor)
This issue was labeled "stale-minor" 7 days ago and has not received any
updates so it is being deprioritized. If this ticket is actually Minor, please
raise the priority and ask a committer to assign you the issue or revive the
public discussion.
> More fine grained control over access to REST endpoints
> -------------------------------------------------------
>
> Key: FLINK-10497
> URL: https://issues.apache.org/jira/browse/FLINK-10497
> Project: Flink
> Issue Type: Improvement
> Components: Runtime / REST
> Affects Versions: 1.7.0
> Reporter: Till Rohrmann
> Priority: Not a Priority
> Labels: auto-deprioritized-major, auto-deprioritized-minor
>
> At the moment, the REST endpoint can be secured by configuring mutual
> authentication. This, however, defines the access for all available REST
> calls (reads as well as writes). In some situations, it is desired that only
> the writes calls are access restricted whereas the read accesses are
> permitted (e.g. no job submission but the web UI can display the cluster
> state).
> A solution could be to specify ACLs for the different REST calls. This would
> allow to disable state changing operations like cancelling a job from the web
> UI, for example. Moreover, it could allow to specify different rights for
> different users.
> An alternative could be to separate the REST calls relevant for the web UI
> (read operations) from the cluster state changing REST calls. By allowing
> different security configurations (e.g. endpoint with read operations is not
> secured whereas the endpoint with write operations is secured) one could
> effectively achieve the same.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
