----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/48415/#review136644 -----------------------------------------------------------
Ship it! Ship It! - Nate Cole On June 8, 2016, 9:53 a.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/48415/ > ----------------------------------------------------------- > > (Updated June 8, 2016, 9:53 a.m.) > > > Review request for Ambari, DIPAYAN BHOWMICK, Jonathan Hurley, Myroslav > Papirkovskyy, and Nate Cole. > > > Bugs: AMBARI-16247 > https://issues.apache.org/jira/browse/AMBARI-16247 > > > Repository: ambari > > > Description > ------- > > Authorizations given to role-based principals must be dereferenced upon user > login. These authorizations are dynamically determined based on the user's > set of roles. > > In > `org.apache.ambari.server.security.authorization.AmbariLocalUserDetailsService#loadUserByUsername`, > the set of `GrantedAuthorities` the authenticated user is calculated. > During this process, using the set of `cluster-level roles` a user is > granted, any permissions given to matching role-based principals should be > given to the user. > > This essentially work like giving privileges to a group of users calculated > at runtime. > > A use-case to support the need for this is to assign access to a view to all > users with some specific role. Currently we can assign access to a view to a > specific user or group by assigning that user or group the `VIEW.USER` role > applied to the specific view. To assign access a view to users who have a > specific role, a `role` will need to behave like a `principal`. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java > 545095d > > ambari-server/src/test/java/org/apache/ambari/server/security/authorization/UsersTest.java > PRE-CREATION > > Diff: https://reviews.apache.org/r/48415/diff/ > > > Testing > ------- > > Manually tested > > # Local test results: PENDING > > # Jenkinks test results: PENDING > > > Thanks, > > Robert Levas > >