Marco Gaido created SPARK-23782:
-----------------------------------

             Summary: SHS should not show applications to user without read 
permission
                 Key: SPARK-23782
                 URL: https://issues.apache.org/jira/browse/SPARK-23782
             Project: Spark
          Issue Type: Bug
          Components: Web UI
    Affects Versions: 2.4.0
            Reporter: Marco Gaido


The History Server shows all the applications to all the users, even though 
they have no permission to read them. They cannot read the details of the 
applications they cannot access, but still anybody can list all the 
applications submitted by all users.

For instance, if we have an admin user {{admin}} and two normal users {{u1}} 
and {{u2}}, and each of them submitted one application, all of them can see in 
the main page of SHS:

||App ID||App Name|| ... ||Spark User|| ... ||
|app-123456789|The Admin App| .. |admin| ... |
|app-123456790|u1 secret app| .. |u1| ... |
|app-123456791|u2 secret app| .. |u2| ... |

Then, when clicking on each application, the proper permissions are applied and 
each user can see only the applications he/she has read permission for.

Instead, each user should see only the applications he/she has permission to 
read, and should not be able to see applications he/she does not have 
permission for.



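The gap described in this report, as an added example that is not part of the original issue or of Spark's code: a simplified Python model in which the listing reuses the read check already applied to the detail view, plus a check that flags rows a user can list but not open. The names `AppInfo`, `can_read`, `list_apps_filtered` and `leaked_rows`, and the rule that an admin or the submitting user may read an application, are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AppInfo:
    app_id: str
    name: str
    spark_user: str

# Assumption: admins may read every application.
ADMINS = frozenset({"admin"})

# Constructed sample data mirroring the table in the report.
APPS = [
    AppInfo("app-123456789", "The Admin App", "admin"),
    AppInfo("app-123456790", "u1 secret app", "u1"),
    AppInfo("app-123456791", "u2 secret app", "u2"),
]

def can_read(user, app):
    """Read check of the kind the report says the detail page enforces."""
    if user is None:  # unauthenticated callers read nothing
        return False
    return user in ADMINS or user == app.spark_user

def get_app(user, app_id):
    """Detail view: permission is checked before anything is returned."""
    for app in APPS:
        if app.app_id == app_id:
            if not can_read(user, app):
                raise PermissionError(app_id)
            return app
    raise KeyError(app_id)

def list_apps_unfiltered(user):
    """Reported behaviour: the listing ignores who is asking."""
    return [app.app_id for app in APPS]

def list_apps_filtered(user):
    """Requested behaviour: the listing applies the detail view's check."""
    return [app.app_id for app in APPS if can_read(user, app)]

def leaked_rows(user, listing):
    """Regression check: ids present in a listing that the user cannot open."""
    by_id = {app.app_id: app for app in APPS}
    return [i for i in listing if not can_read(user, by_id[i])]
```

Running `leaked_rows` over the listing returned for each test user gives a regression check that fails whenever the listing and the detail view disagree about access.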