[
https://issues.apache.org/jira/browse/MESOS-5709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15352968#comment-15352968
]
Joerg Schad commented on MESOS-5709:
------------------------------------
Proposal: add VIEW_ROLE and adapt GET_WEIGHTS to use that as well.
> Authorization for /roles
> ------------------------
>
> Key: MESOS-5709
> URL: https://issues.apache.org/jira/browse/MESOS-5709
> Project: Mesos
> Issue Type: Task
> Components: security
> Reporter: Adam B
> Assignee: Joerg Schad
> Priority: Minor
> Labels: mesosphere, security
> Fix For: 1.0.0
>
>
> The /roles endpoint exposes the list of all roles and their weights, as well
> as the list of all frameworkIds registered with each role. This is a superset
> of the information exposed on GET /weights, which we already protect. We
> should protect the data in /roles the same way.
> - Should we reuse VIEW_FRAMEWORK with role (from /state)?
> - Should we add a new VIEW_ROLE and adapt GET_WEIGHTS to use it?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
