[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data

2018-09-24 Thread Hudson (JIRA) 


[ 
https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16626353#comment-16626353
 ] 

Hudson commented on AMBARI-24546:
-

SUCCESS: Integrated in Jenkins build Ambari-logsearch-ga-test #2 (See 
[https://builds.apache.org/job/Ambari-logsearch-ga-test/2/])
AMBARI-24546. Inserting new role authorization into DB tables (#2261) (github: 
[https://gitbox.apache.org/repos/asf?p=ambari.git=commit=991e107030ff7e0fbbf220a02abdde906ad0a526])
* (edit) ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql


> Protect the Request resource so that only authorized users may have read-only 
> access the data
> -
>
> Key: AMBARI-24546
> URL: https://issues.apache.org/jira/browse/AMBARI-24546
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.3.0
>Reporter: Robert Levas
>Assignee: Sandor Molnar
>Priority: Major
>  Labels: pull-request-available, rbac
> Fix For: 2.7.2
>
>  Time Spent: 4h 50m
>  Remaining Estimate: 0h
>
> Protect the Request resource so that only authorized users may have read-only 
> access the data.
> Users with the following roles should have read-only access:
> * {{AMBARI.ADMINISTRATOR}}
> * {{CLUSTER.ADMINISTRATOR}}
> * {{CLUSTER.OPERATOR}}
> * {{SERVICE.ADMINISTRATOR}}
> * {{SERVICE.OPERATOR}}
> * {{CLUSTER.USER}}
> Users with no role related to the cluster may not view the data.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data

2018-09-18 Thread Robert Levas (JIRA) 


[ 
https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16619216#comment-16619216
 ] 

Robert Levas commented on AMBARI-24546:
---

[~smolnar], Should this be resolved?


> Protect the Request resource so that only authorized users may have read-only 
> access the data
> -
>
> Key: AMBARI-24546
> URL: https://issues.apache.org/jira/browse/AMBARI-24546
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.3.0
>Reporter: Robert Levas
>Assignee: Sandor Molnar
>Priority: Major
>  Labels: pull-request-available, rbac
> Fix For: 2.7.2
>
>  Time Spent: 4h 50m
>  Remaining Estimate: 0h
>
> Protect the Request resource so that only authorized users may have read-only 
> access the data.
> Users with the following roles should have read-only access:
> * {{AMBARI.ADMINISTRATOR}}
> * {{CLUSTER.ADMINISTRATOR}}
> * {{CLUSTER.OPERATOR}}
> * {{SERVICE.ADMINISTRATOR}}
> * {{SERVICE.OPERATOR}}
> * {{CLUSTER.USER}}
> Users with no role related to the cluster may not view the data.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data

2018-09-06 Thread Hudson (JIRA) 


[ 
https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16605999#comment-16605999
 ] 

Hudson commented on AMBARI-24546:
-

SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #9925 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/9925/])
AMBARI-24546. Inserting new role authorization into DB tables (#2261) (github: 
[https://gitbox.apache.org/repos/asf?p=ambari.git=commit=991e107030ff7e0fbbf220a02abdde906ad0a526])
* (edit) ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql


> Protect the Request resource so that only authorized users may have read-only 
> access the data
> -
>
> Key: AMBARI-24546
> URL: https://issues.apache.org/jira/browse/AMBARI-24546
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.3.0
>Reporter: Robert Levas
>Assignee: Sandor Molnar
>Priority: Major
>  Labels: pull-request-available, rbac
> Fix For: 2.7.2
>
>  Time Spent: 4h 50m
>  Remaining Estimate: 0h
>
> Protect the Request resource so that only authorized users may have read-only 
> access the data.
> Users with the following roles should have read-only access:
> * {{AMBARI.ADMINISTRATOR}}
> * {{CLUSTER.ADMINISTRATOR}}
> * {{CLUSTER.OPERATOR}}
> * {{SERVICE.ADMINISTRATOR}}
> * {{SERVICE.OPERATOR}}
> * {{CLUSTER.USER}}
> Users with no role related to the cluster may not view the data.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data

2018-09-06 Thread Hudson (JIRA) 


[ 
https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16605942#comment-16605942
 ] 

Hudson commented on AMBARI-24546:
-

SUCCESS: Integrated in Jenkins build Ambari-branch-2.7 #229 (See 
[https://builds.apache.org/job/Ambari-branch-2.7/229/])
AMBARI-24546. Inserting new role authorization into DB tables (#2262) (github: 
[https://gitbox.apache.org/repos/asf?p=ambari.git=commit=6904d17a673baadac4bcc77e9361c5e0816fc3a7])
* (edit) ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql


> Protect the Request resource so that only authorized users may have read-only 
> access the data
> -
>
> Key: AMBARI-24546
> URL: https://issues.apache.org/jira/browse/AMBARI-24546
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.3.0
>Reporter: Robert Levas
>Assignee: Sandor Molnar
>Priority: Major
>  Labels: pull-request-available, rbac
> Fix For: 2.7.2
>
>  Time Spent: 4h 50m
>  Remaining Estimate: 0h
>
> Protect the Request resource so that only authorized users may have read-only 
> access the data.
> Users with the following roles should have read-only access:
> * {{AMBARI.ADMINISTRATOR}}
> * {{CLUSTER.ADMINISTRATOR}}
> * {{CLUSTER.OPERATOR}}
> * {{SERVICE.ADMINISTRATOR}}
> * {{SERVICE.OPERATOR}}
> * {{CLUSTER.USER}}
> Users with no role related to the cluster may not view the data.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data

2018-08-31 Thread Hudson (JIRA) 


[ 
https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16598632#comment-16598632
 ] 

Hudson commented on AMBARI-24546:
-

SUCCESS: Integrated in Jenkins build Ambari-branch-2.7 #209 (See 
[https://builds.apache.org/job/Ambari-branch-2.7/209/])
AMBARI-24546. Only authenticated users with proper AMBARI/CLUSTER (github: 
[https://gitbox.apache.org/repos/asf?p=ambari.git=commit=0c3812bbb563b1d05d916e7af46ac9bc6cab31ea])
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog272.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog272Test.java


> Protect the Request resource so that only authorized users may have read-only 
> access the data
> -
>
> Key: AMBARI-24546
> URL: https://issues.apache.org/jira/browse/AMBARI-24546
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.3.0
>Reporter: Robert Levas
>Assignee: Sandor Molnar
>Priority: Major
>  Labels: pull-request-available, rbac
> Fix For: 2.7.2
>
>  Time Spent: 3h 50m
>  Remaining Estimate: 0h
>
> Protect the Request resource so that only authorized users may have read-only 
> access the data.
> Users with the following roles should have read-only access:
> * {{AMBARI.ADMINISTRATOR}}
> * {{CLUSTER.ADMINISTRATOR}}
> * {{CLUSTER.OPERATOR}}
> * {{SERVICE.ADMINISTRATOR}}
> * {{SERVICE.OPERATOR}}
> * {{CLUSTER.USER}}
> Users with no role related to the cluster may not view the data.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (AMBARI-24546) Protect the Request resource so that only authorized users may have read-only access the data

2018-08-31 Thread Hudson (JIRA) 


[ 
https://issues.apache.org/jira/browse/AMBARI-24546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16598461#comment-16598461
 ] 

Hudson commented on AMBARI-24546:
-

SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #9903 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/9903/])
AMBARI-24546. Only authenticated users with proper AMBARI/CLUSTER (github: 
[https://gitbox.apache.org/repos/asf?p=ambari.git=commit=8a79291ff36b23014a14261c703658437db9acc3])
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog272Test.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog272.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java


> Protect the Request resource so that only authorized users may have read-only 
> access the data
> -
>
> Key: AMBARI-24546
> URL: https://issues.apache.org/jira/browse/AMBARI-24546
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.3.0
>Reporter: Robert Levas
>Assignee: Sandor Molnar
>Priority: Major
>  Labels: pull-request-available, rbac
> Fix For: 2.7.2
>
>  Time Spent: 3h
>  Remaining Estimate: 0h
>
> Protect the Request resource so that only authorized users may have read-only 
> access the data.
> Users with the following roles should have read-only access:
> * {{AMBARI.ADMINISTRATOR}}
> * {{CLUSTER.ADMINISTRATOR}}
> * {{CLUSTER.OPERATOR}}
> * {{SERVICE.ADMINISTRATOR}}
> * {{SERVICE.OPERATOR}}
> * {{CLUSTER.USER}}
> Users with no role related to the cluster may not view the data.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)