[ https://issues.apache.org/jira/browse/AMBARI-20768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keta Patel updated AMBARI-20768:
--------------------------------
    Attachment:     (was: AMBARI-20768.patch)

> Local Ambari user with no cluster role must not be able to access Logsearch UI
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-20768
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20768
>             Project: Ambari
>          Issue Type: Bug
>          Components: logsearch
>   Affects Versions: trunk, 2.5.0
>            Reporter: Keta Patel
>            Assignee: Keta Patel
>         Attachments: all_tests_successful.png
>
>
> A local Ambari user with no cluster roles assigned to it can successfully log
> into the Logsearch UI.
> Logsearch service exercises restriction on who can access its UI using a
> property "logsearch.roles.allowed". This property is a comma-separated list
> of roles to be allowed access to Logsearch UI. This defect deals with the
> following 2 issues:
> 1. If Logsearch service requires that only certain roles be allowed to access
> its UI, then a local Ambari user with no roles must not be allowed to access
> the UI.
> 2. If some user with privilege to edit the config properties updates
> "logsearch.roles.allowed" by removing the "AMBARI.ADMINISTRATOR" role from
> its list, then the Ambari Admins will not be able to access the Logsearch UI.
> This violates the Ambari Administrator privilege which must be able to access
> all frames of Ambari UI as well as perform all UI operations.
> DESIRED BEHAVIOR:
> =================
> 1. A local user with no role assigned to it must not be able to access
> Logsearch UI.
> 2. Ambari Administrators must always be allowed to access the Logsearch
> UI. No user is allowed to revoke this access right of Ambari Administrator
> for the Logsearch UI.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
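
The two desired behaviors in the issue can be expressed as a single fail-closed role check. The following is an added sketch, not Ambari's code and not the attached patch: the function names are hypothetical, role strings are assumed to match exactly after trimming whitespace, an empty property is assumed to leave only the administrator role allowed, and the cluster role names in the sample data are constructed.

```python
ADMIN_ROLE = "AMBARI.ADMINISTRATOR"  # role name as quoted in the issue text


def parse_allowed_roles(prop_value):
    """Parse a comma-separated "logsearch.roles.allowed" value into a set."""
    roles = {r.strip() for r in (prop_value or "").split(",")}
    roles.discard("")      # tolerate "A,,B", trailing commas, empty property
    roles.add(ADMIN_ROLE)  # behavior 2: config edits cannot revoke admin access
    return roles


def can_access_logsearch(user_roles, prop_value):
    """Return True only if the user holds at least one allowed role."""
    held = {r.strip() for r in (user_roles or []) if r and r.strip()}
    if not held:           # behavior 1: a user with no role is always denied
        return False
    return not held.isdisjoint(parse_allowed_roles(prop_value))


def demo():
    # Constructed sample: an editor removed the admin role from the property.
    tampered = "CLUSTER.ADMINISTRATOR, SERVICE.OPERATOR,"
    return {
        "local user, no roles": can_access_logsearch([], tampered),
        "ambari admin": can_access_logsearch([ADMIN_ROLE], tampered),
        "role not listed": can_access_logsearch(["CLUSTER.USER"], tampered),
        "role listed": can_access_logsearch(["SERVICE.OPERATOR"], tampered),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```
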