[
https://issues.apache.org/jira/browse/AMBARI-20860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-20860:
----------------------------------
Description:
Update the backend for improved user management.
User management tables in the DB should be:
*{{users}}*
||Name||Type||Description||
|user_id|INTEGER|Internal unique identifier|
|principal_id|INTEGER|Foreign key from adminprincipal table|
|user_name|VARCHAR|Unique, case-insensitive, login identifier expected to be
used when logging into Ambari|
|create_time|TIMESTAMP|Creation time for this account in Ambari|
|active|BOOLEAN|Active/not active flag|
|consecutive_failed_auth_attemps|INTEGER|The number a failed authorization
attempts since the last successful authentication|
|active_widgets_layout|VARCHAR| |
|display_name|VARCHAR|Cosmetic name value to show the user in user interfaces|
|local_username|VARCHAR|Case-sensitive username to use when impersonating user
in facilities like Ambari Views|
* Primary Key: {{user_id
* Foreign Key: {{principal_id}} -> {{adminprincipal.principal_id}}
*{{user_authentication_local}}*
||Name||Type||Description||
|user_id|INTEGER|Foreign key from user table|
|password|VARCHAR| |
|create_time|TIMESTAMP|Creation time of this record
|update_time|TIMESTAMP|Update time for this record, can be used to enforce
password retention times|
* Primary Key: {{user_id}}
* Foreign Key: {{user_id}} -> {{users.user_id}}
*{{user_authentication_remote}}*
||Name||Type||Description||
|type|VARCHAR|Type of remote system - LDAP, KERBEROS, JTW, PAM, etc...
|remote_id|VARCHAR|Type-specific remote identifier:
* LDAP: the user’s distinguished name
* KERBEROS: the user’s principal
* etc...|
|user_id|INTEGER|Foreign key from user table|
|create_time|TIMESTAMP|Creation time of this record|
* Primary Key: {{type}}, {{remote_id}}
* Foreign Key: {{user_id}} -> {{users.user_id}}
Java code needs to change accordingly.
was:
Update the backend for improved user management.
User management tables in the DB should be:
*{{users}}*
||Name||Type||Description||
|user_id|INTEGER|Internal unique identifier|
|principal_id|INTEGER|Foreign key from adminprincipal table|
|user_name|VARCHAR|Unique, case-insensitive, login identifier expected to be
used when logging into Ambari|
|create_time|TIMESTAMP|Creation time for this account in Ambari|
|active|BOOLEAN|Active/not active flag|
|consecutive_failed_auth_attemps|INTEGER|The number a failed authorization
attempts since the last successful authentication|
|active_widgets_layout|VARCHAR||
|display_name|VARCHAR|Cosmetic name value to show the user in user interfaces|
|local_username|VARCHAR|Case-sensitive username to use when impersonating user
in facilities like Ambari Views|
* Primary Key: {{user_id
* Foreign Key: {{principal_id}} -> {{adminprincipal.principal_id}}
*{{user_authentication_local}}*
||Name||Type||Description||
|user_id|INTEGER|Foreign key from user table|
|password|VARCHAR||
|create_time|TIMESTAMP|Creation time of this record
|update_time|TIMESTAMP|Update time for this record, can be used to enforce
password retention times|
* Primary Key: {{user_id}}
* Foreign Key: {{user_id}} -> {{users.user_id}}
*{{user_authentication_remote}}*
||Name||Type||Description||
|type|VARCHAR|Type of remote system - LDAP, KERBEROS, JTW, PAM, etc...
|remote_id|VARCHAR|Type-specific remote identifier:
* LDAP: the user’s distinguished name
* KERBEROS: the user’s principal
* etc...|
|user_id|INTEGER|Foreign key from user table|
|create_time|TIMESTAMP|Creation time of this record|
* Primary Key: {{type}}, {{remote_id}}
* Foreign Key: {{user_id}} -> {{users.user_id}}
Java code needs to change accordingly.
> BE: Improve User Account Management
> ------------------------------------
>
> Key: AMBARI-20860
> URL: https://issues.apache.org/jira/browse/AMBARI-20860
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 3.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: authentication, security
> Fix For: 3.0.0
>
>
> Update the backend for improved user management.
> User management tables in the DB should be:
> *{{users}}*
> ||Name||Type||Description||
> |user_id|INTEGER|Internal unique identifier|
> |principal_id|INTEGER|Foreign key from adminprincipal table|
> |user_name|VARCHAR|Unique, case-insensitive, login identifier expected to be
> used when logging into Ambari|
> |create_time|TIMESTAMP|Creation time for this account in Ambari|
> |active|BOOLEAN|Active/not active flag|
> |consecutive_failed_auth_attemps|INTEGER|The number a failed authorization
> attempts since the last successful authentication|
> |active_widgets_layout|VARCHAR| |
> |display_name|VARCHAR|Cosmetic name value to show the user in user interfaces|
> |local_username|VARCHAR|Case-sensitive username to use when impersonating
> user in facilities like Ambari Views|
> * Primary Key: {{user_id
> * Foreign Key: {{principal_id}} -> {{adminprincipal.principal_id}}
> *{{user_authentication_local}}*
> ||Name||Type||Description||
> |user_id|INTEGER|Foreign key from user table|
> |password|VARCHAR| |
> |create_time|TIMESTAMP|Creation time of this record
> |update_time|TIMESTAMP|Update time for this record, can be used to enforce
> password retention times|
> * Primary Key: {{user_id}}
> * Foreign Key: {{user_id}} -> {{users.user_id}}
> *{{user_authentication_remote}}*
> ||Name||Type||Description||
> |type|VARCHAR|Type of remote system - LDAP, KERBEROS, JTW, PAM, etc...
> |remote_id|VARCHAR|Type-specific remote identifier:
> * LDAP: the user’s distinguished name
> * KERBEROS: the user’s principal
> * etc...|
> |user_id|INTEGER|Foreign key from user table|
> |create_time|TIMESTAMP|Creation time of this record|
> * Primary Key: {{type}}, {{remote_id}}
> * Foreign Key: {{user_id}} -> {{users.user_id}}
> Java code needs to change accordingly.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
