[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data
[ https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16626353#comment-16626353 ] Hudson commented on AMBARI-24546: - SUCCESS: Integrated in Jenkins build Ambari-logsearch-ga-test #2 (See [https://builds.apache.org/job/Ambari-logsearch-ga-test/2/]) AMBARI-24546. Inserting new role authorization into DB tables (#2261) (github: [https://gitbox.apache.org/repos/asf?p=ambari.git=commit=991e107030ff7e0fbbf220a02abdde906ad0a526]) * (edit) ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql > Protect the Request resource so that only authorized users may have read-only > access the data > - > > Key: AMBARI-24546 > URL: https://issues.apache.org/jira/browse/AMBARI-24546 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.3.0 >Reporter: Robert Levas >Assignee: Sandor Molnar >Priority: Major > Labels: pull-request-available, rbac > Fix For: 2.7.2 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > Protect the Request resource so that only authorized users may have read-only > access the data. > Users with the following roles should have read-only access: > * {{AMBARI.ADMINISTRATOR}} > * {{CLUSTER.ADMINISTRATOR}} > * {{CLUSTER.OPERATOR}} > * {{SERVICE.ADMINISTRATOR}} > * {{SERVICE.OPERATOR}} > * {{CLUSTER.USER}} > Users with no role related to the cluster may not view the data. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data
[ https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16619216#comment-16619216 ] Robert Levas commented on AMBARI-24546: --- [~smolnar], Should this be resolved? > Protect the Request resource so that only authorized users may have read-only > access the data > - > > Key: AMBARI-24546 > URL: https://issues.apache.org/jira/browse/AMBARI-24546 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.3.0 >Reporter: Robert Levas >Assignee: Sandor Molnar >Priority: Major > Labels: pull-request-available, rbac > Fix For: 2.7.2 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > Protect the Request resource so that only authorized users may have read-only > access the data. > Users with the following roles should have read-only access: > * {{AMBARI.ADMINISTRATOR}} > * {{CLUSTER.ADMINISTRATOR}} > * {{CLUSTER.OPERATOR}} > * {{SERVICE.ADMINISTRATOR}} > * {{SERVICE.OPERATOR}} > * {{CLUSTER.USER}} > Users with no role related to the cluster may not view the data. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data
[ https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16605999#comment-16605999 ] Hudson commented on AMBARI-24546: - SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #9925 (See [https://builds.apache.org/job/Ambari-trunk-Commit/9925/]) AMBARI-24546. Inserting new role authorization into DB tables (#2261) (github: [https://gitbox.apache.org/repos/asf?p=ambari.git=commit=991e107030ff7e0fbbf220a02abdde906ad0a526]) * (edit) ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql > Protect the Request resource so that only authorized users may have read-only > access the data > - > > Key: AMBARI-24546 > URL: https://issues.apache.org/jira/browse/AMBARI-24546 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.3.0 >Reporter: Robert Levas >Assignee: Sandor Molnar >Priority: Major > Labels: pull-request-available, rbac > Fix For: 2.7.2 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > Protect the Request resource so that only authorized users may have read-only > access the data. > Users with the following roles should have read-only access: > * {{AMBARI.ADMINISTRATOR}} > * {{CLUSTER.ADMINISTRATOR}} > * {{CLUSTER.OPERATOR}} > * {{SERVICE.ADMINISTRATOR}} > * {{SERVICE.OPERATOR}} > * {{CLUSTER.USER}} > Users with no role related to the cluster may not view the data. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data
[ https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16605942#comment-16605942 ] Hudson commented on AMBARI-24546: - SUCCESS: Integrated in Jenkins build Ambari-branch-2.7 #229 (See [https://builds.apache.org/job/Ambari-branch-2.7/229/]) AMBARI-24546. Inserting new role authorization into DB tables (#2262) (github: [https://gitbox.apache.org/repos/asf?p=ambari.git=commit=6904d17a673baadac4bcc77e9361c5e0816fc3a7]) * (edit) ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql * (edit) ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql > Protect the Request resource so that only authorized users may have read-only > access the data > - > > Key: AMBARI-24546 > URL: https://issues.apache.org/jira/browse/AMBARI-24546 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.3.0 >Reporter: Robert Levas >Assignee: Sandor Molnar >Priority: Major > Labels: pull-request-available, rbac > Fix For: 2.7.2 > > Time Spent: 4h 50m > Remaining Estimate: 0h > > Protect the Request resource so that only authorized users may have read-only > access the data. > Users with the following roles should have read-only access: > * {{AMBARI.ADMINISTRATOR}} > * {{CLUSTER.ADMINISTRATOR}} > * {{CLUSTER.OPERATOR}} > * {{SERVICE.ADMINISTRATOR}} > * {{SERVICE.OPERATOR}} > * {{CLUSTER.USER}} > Users with no role related to the cluster may not view the data. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data
[ https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16598632#comment-16598632 ] Hudson commented on AMBARI-24546: - SUCCESS: Integrated in Jenkins build Ambari-branch-2.7 #209 (See [https://builds.apache.org/job/Ambari-branch-2.7/209/]) AMBARI-24546. Only authenticated users with proper AMBARI/CLUSTER (github: [https://gitbox.apache.org/repos/asf?p=ambari.git=commit=0c3812bbb563b1d05d916e7af46ac9bc6cab31ea]) * (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java * (edit) ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java * (edit) ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog272.java * (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java * (edit) ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog272Test.java > Protect the Request resource so that only authorized users may have read-only > access the data > - > > Key: AMBARI-24546 > URL: https://issues.apache.org/jira/browse/AMBARI-24546 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.3.0 >Reporter: Robert Levas >Assignee: Sandor Molnar >Priority: Major > Labels: pull-request-available, rbac > Fix For: 2.7.2 > > Time Spent: 3h 50m > Remaining Estimate: 0h > > Protect the Request resource so that only authorized users may have read-only > access the data. > Users with the following roles should have read-only access: > * {{AMBARI.ADMINISTRATOR}} > * {{CLUSTER.ADMINISTRATOR}} > * {{CLUSTER.OPERATOR}} > * {{SERVICE.ADMINISTRATOR}} > * {{SERVICE.OPERATOR}} > * {{CLUSTER.USER}} > Users with no role related to the cluster may not view the data. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data
[ https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16598461#comment-16598461 ] Hudson commented on AMBARI-24546: - SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #9903 (See [https://builds.apache.org/job/Ambari-trunk-Commit/9903/]) AMBARI-24546. Only authenticated users with proper AMBARI/CLUSTER (github: [https://gitbox.apache.org/repos/asf?p=ambari.git=commit=8a79291ff36b23014a14261c703658437db9acc3]) * (edit) ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog272Test.java * (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java * (edit) ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog272.java * (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java * (edit) ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java > Protect the Request resource so that only authorized users may have read-only > access the data > - > > Key: AMBARI-24546 > URL: https://issues.apache.org/jira/browse/AMBARI-24546 > Project: Ambari > Issue Type: Bug > Components: ambari-server >Affects Versions: 2.3.0 >Reporter: Robert Levas >Assignee: Sandor Molnar >Priority: Major > Labels: pull-request-available, rbac > Fix For: 2.7.2 > > Time Spent: 3h > Remaining Estimate: 0h > > Protect the Request resource so that only authorized users may have read-only > access the data. > Users with the following roles should have read-only access: > * {{AMBARI.ADMINISTRATOR}} > * {{CLUSTER.ADMINISTRATOR}} > * {{CLUSTER.OPERATOR}} > * {{SERVICE.ADMINISTRATOR}} > * {{SERVICE.OPERATOR}} > * {{CLUSTER.USER}} > Users with no role related to the cluster may not view the data. -- This message was sent by Atlassian JIRA (v7.6.3#76005)