Re: Review Request 48415: Authorizations given to role-based principals must be dereferenced upon user login

Wed, 08 Jun 2016 07:46:54 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48415/#review136645
-----------------------------------------------------------


Ship it!




Ship It!

- Jonathan Hurley


On June 8, 2016, 9:53 a.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48415/
> -----------------------------------------------------------
> 
> (Updated June 8, 2016, 9:53 a.m.)
> 
> 
> Review request for Ambari, DIPAYAN BHOWMICK, Jonathan Hurley, Myroslav 
> Papirkovskyy, and Nate Cole.
> 
> 
> Bugs: AMBARI-16247
>     https://issues.apache.org/jira/browse/AMBARI-16247
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Authorizations given to role-based principals must be dereferenced upon user 
> login.  These authorizations are dynamically determined based on the user's 
> set of roles.  
> 
> In 
> `org.apache.ambari.server.security.authorization.AmbariLocalUserDetailsService#loadUserByUsername`,
>  the set of `GrantedAuthorities` the authenticated user is calculated.  
> During this process, using the set of `cluster-level roles` a user is 
> granted, any permissions given to matching role-based principals should be 
> given to the user. 
> 
> This essentially work like giving privileges to a group of users calculated 
> at runtime. 
> 
> A use-case to support the need for this is to assign access to a view to all 
> users with some specific role. Currently we can assign access to a view to a 
> specific user or group by assigning that user or group the `VIEW.USER` role 
> applied to the specific view.  To assign access a view to users who have a 
> specific role, a `role` will need to behave like a `principal`.
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  545095d 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/UsersTest.java
>  PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/48415/diff/
> 
> 
> Testing
> -------
> 
> Manually tested
> 
> # Local test results: PENDING
> 
> # Jenkinks test results: PENDING
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Reply via email to