Ying Chen created ZEPPELIN-3397:
-----------------------------------
Summary: User with read only access can update the permissions of
a notebook and gain write access
Key: ZEPPELIN-3397
URL: https://issues.apache.org/jira/browse/ZEPPELIN-3397
Project: Zeppelin
Issue Type: Bug
Components: security
Affects Versions: 0.7.3
Environment: Linux: Centos 7.2
HDP: 2.6.3
Zeppelin: 0.7.3
Reporter: Ying Chen
Attachments: image-2018-04-09-12-08-39-371.png,
image-2018-04-09-12-09-27-992.png, image-2018-04-09-12-09-49-994.png
Currently I have a notebook in which is own by the admin, in which user1 has
"Read" access.
As user1, I can click on "Note permissions" and display the permissions.
!image-2018-04-09-12-08-39-371.png!
I then proceed to modify it and save it .
!image-2018-04-09-12-09-27-992.png!
!image-2018-04-09-12-09-49-994.png!
Then as user1, I can actually go edit the paragraphs and run it after my
permission has been updated.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
