Ying Chen created ZEPPELIN-3397:
-----------------------------------

             Summary: User with read only access can update the permissions of a notebook and gain write access
                 Key: ZEPPELIN-3397
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-3397
             Project: Zeppelin
          Issue Type: Bug
          Components: security
    Affects Versions: 0.7.3
         Environment: Linux: CentOS 7.2
                      HDP: 2.6.3
                      Zeppelin: 0.7.3
            Reporter: Ying Chen
         Attachments: image-2018-04-09-12-08-39-371.png, image-2018-04-09-12-09-27-992.png, image-2018-04-09-12-09-49-994.png

Currently I have a notebook which is owned by the admin, in which user1 has "Read" access.

As user1, I can click on "Note permissions" and display the permissions.

!image-2018-04-09-12-08-39-371.png!

I then proceed to modify it and save it.

!image-2018-04-09-12-09-27-992.png!

!image-2018-04-09-12-09-49-994.png!

Then as user1, I can actually go edit the paragraphs and run them after my permission has been updated.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
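
The failure mode reported above, as an added example that is not part of the original message and is not Zeppelin's code: a constructed Python model of a note ACL in which the permission update is stored without a server-side owner check, beside a form that authorizes the caller against the stored ACL and records the rejected attempt. All names (`Note`, `set_permissions`, `denied`) are hypothetical, and the missing owner check is an assumed cause, not one the report confirms.

```python
from dataclasses import dataclass, field

# Constructed model for illustration; names are hypothetical, not Zeppelin's API.
class Forbidden(Exception):
    pass

@dataclass
class Note:
    owners: set = field(default_factory=set)
    readers: set = field(default_factory=set)
    writers: set = field(default_factory=set)
    denied: list = field(default_factory=list)  # audit trail of rejected updates

def can_write(note, user):
    return user in note.owners or user in note.writers

def set_permissions_unchecked(note, caller, owners, readers, writers):
    # Models the reported behaviour (assumed cause: no role check on save):
    # whoever submits the form gets the new ACL stored.
    note.owners, note.readers, note.writers = set(owners), set(readers), set(writers)

def set_permissions(note, caller, owners, readers, writers):
    # Hardened form: authorize against the ACL already stored on the server,
    # never against what the client displays or submits.
    if caller not in note.owners:
        note.denied.append((caller, sorted(writers)))
        raise Forbidden(f"{caller} is not an owner of this note")
    note.owners, note.readers, note.writers = set(owners), set(readers), set(writers)

def demo():
    # Constructed scenario from the report: admin owns the note, user1 can only read.
    acl = dict(owners={"admin"}, readers={"user1"}, writers={"user1"})
    weak = Note(owners={"admin"}, readers={"user1"})
    set_permissions_unchecked(weak, "user1", **acl)
    fixed = Note(owners={"admin"}, readers={"user1"})
    try:
        set_permissions(fixed, "user1", **acl)
        rejected = False
    except Forbidden:
        rejected = True
    return can_write(weak, "user1"), rejected, can_write(fixed, "user1"), fixed.denied

if __name__ == "__main__":
    print(demo())
```

The `denied` list stands in for an audit log: a read-only account submitting a permission change is a signal worth alerting on even when the update is refused.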