Marco Gaido created SPARK-23782:
-----------------------------------
Summary: SHS should not show applications to user without read
permission
Key: SPARK-23782
URL: https://issues.apache.org/jira/browse/SPARK-23782
Project: Spark
Issue Type: Bug
Components: Web UI
Affects Versions: 2.4.0
Reporter: Marco Gaido
The History Server shows all the applications to all the users, even though
they have no permission to read them. They cannot read the details of the
applications they cannot access, but still anybody can list all the
applications submitted by all users.
For instance, if we have an admin user {{admin}} and two normal users {{u1}}
and {{u2}}, and each of them submitted one application, all of them can see in
the main page of SHS:
||App ID||App Name|| ... ||Spark User|| ... ||
|app-123456789|The Admin App| .. |admin| ... |
|app-123456790|u1 secret app| .. |u1| ... |
|app-123456791|u2 secret app| .. |u2| ... |
Then clicking on each application, the proper permissions are applied and each
user can see only the applications he has the read permission for.
Instead, each user should see only the applications he has the permission to
read and he/she should not be able to see applications he has not the
permissions for.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
