[jira] [Updated] (AMBARI-20768) Local Ambari user with no cluster role must not be able to access Logsearch UI

Mon, 17 Apr 2017 07:10:59 -0700 

     [ 
https://issues.apache.org/jira/browse/AMBARI-20768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Keta Patel updated AMBARI-20768:
--------------------------------
    Summary: Local Ambari user with no cluster role must not be able to access 
Logsearch UI  (was: Local Ambari user with no cluster role can access Logsearch 
UI)

> Local Ambari user with no cluster role must not be able to access Logsearch UI
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-20768
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20768
>             Project: Ambari
>          Issue Type: Bug
>          Components: logsearch
>    Affects Versions: trunk, 2.5.0
>            Reporter: Keta Patel
>            Assignee: Keta Patel
>
> Ambari admin and local Ambari user with no cluster roles assigned to it are 
> able to successfully log into Logsearch UI.
> However, when the local user is assigned some cluster role, that user is not 
> able to log into Logsearch UI.
> As a fix to access the Logsearch UI by the cluster roles, the property 
> "logsearch.roles.allowed" is added under Log 
> Search->configs->Advanced->Custom logsearch-properties. This value of this 
> property is a comma-separated list of the cluster roles allowed to log into 
> Logsearch UI. As a result of this, the local ambari users having the 
> corresponding roles are now able to log into Logsearch UI, but Ambari admins 
> show unsuccessful login.
> On removing the "logsearch.roles.allowed" property, all Ambari admins, local 
> users with NO roles assigned are able to successfully log into Logsearch UI, 
> but users with some cluster roles assigned to them are not allowed to login.
> The following behavior is what is required:
> - Ambari Admins must be able to successfully log into Logsearch UI regardless 
> of whether the "logsearch.roles.allowed" property has been added or not.
> - All local users with NO roles assigned to them must NOT be able to log into 
> the Logsearch UI. This behavior is seen after adding the 
> "logsearch.roles.allowed" property, but not before that. Ideally, those users 
> must not be able to log into Logsearch UI regardless of whether the 
> "logsearch.roles.allowed" was added or not.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to