[ https://issues.apache.org/jira/browse/MESOS-5709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joerg Schad reassigned MESOS-5709: ---------------------------------- Assignee: Joerg Schad (was: zhou xing) > Authorization for /roles > ------------------------ > > Key: MESOS-5709 > URL: https://issues.apache.org/jira/browse/MESOS-5709 > Project: Mesos > Issue Type: Task > Components: security > Reporter: Adam B > Assignee: Joerg Schad > Priority: Minor > Labels: mesosphere, security > Fix For: 1.0.0 > > > The /roles endpoint exposes the list of all roles and their weights, as well > as the list of all frameworkIds registered with each role. This is a superset > of the information exposed on GET /weights, which we already protect. We > should protect the data in /roles the same way. > - Should we reuse VIEW_FRAMEWORK with role (from /state)? > - Should we add a new VIEW_ROLE and adapt GET_WEIGHTS to use it? -- This message was sent by Atlassian JIRA (v6.3.4#6332)