[
https://issues.apache.org/jira/browse/KYLIN-3569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zongwei Li updated KYLIN-3569:
------------------------------
Attachment: kylinCode.png
> Server with query mode still can submit/build job
> -------------------------------------------------
>
> Key: KYLIN-3569
> URL: https://issues.apache.org/jira/browse/KYLIN-3569
> Project: Kylin
> Issue Type: Bug
> Components: Job Engine, REST Service, Security
> Affects Versions: v2.4.1
> Environment: CentOS 6.7, HBase 1.2.0+cdh5.14.2+456
> Reporter: Zongwei Li
> Priority: Major
> Labels: build, documentation, security
> Attachments: kylinCode.png
>
>
> From the Docs at Kylin site,
> [http://kylin.apache.org/docs24/install/kylin_cluster.html]
> * *query* : run query engine only; Kylin query engine accepts and answers
> your SQL queries
> It seems that if server set with 'kylin.server.mode=query', it should not can
> support submit/build job. But as we tested, server with query mode still can
> submit/build job from UI or RESTFul API.
> We analyzed the source code, found that there didn't exist any protect logic
> to check whether server is at 'job' or 'build' mode in service layer for
> submit/build job. Will attach the source code is this issue.
> This issue really confused us, because we considered query server cannot
> build job in Kylin Docs and many Kylin books. And query server will exposed
> to 3rd BI tool to query the data, if we forget to configure the suitable ACL
> for Cubes, then the 3rd BI tool can trigger build job in any time.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
