[ https://issues.apache.org/jira/browse/DRILL-6690?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Krystal updated DRILL-6690:
---------------------------
Description:
Through restapi, non-admin users can access drill metrics data:
{code:java}
[root@mfs41 ~]# curl -b ~/.drill_cookies -k -H "Content-Type: application/json" -X GET https://10.10.10.000:8047/status/metrics
{"version":"4.0.0","gauges":{"G1-Old-Generation.count":{"value":0},"G1-Old-Generation.time":{"value":0},"G1-Young-Generation.count":{"value":8},"G1-Young-Generation.time":{"value":329},"blocked.count":{"value":0},"count":{"value":28},"daemon.count":{"value":19},...
{code}

was:
Through restapi, non-admin users can access drill metrics data:
{code:java}
[root@mfs41 ~]# curl -b ~/.drill_cookies -k -H "Content-Type: application/json" -X GET https://10.10.30.206:8047/status/metrics
{"version":"4.0.0","gauges":{"G1-Old-Generation.count":{"value":0},"G1-Old-Generation.time":{"value":0},"G1-Young-Generation.count":{"value":8},"G1-Young-Generation.time":{"value":329},"blocked.count":{"value":0},"count":{"value":28},"daemon.count":{"value":19},...
{code}

> Non-admin users can access metrics page using restAPI
> -----------------------------------------------------
>
> Key: DRILL-6690
> URL: https://issues.apache.org/jira/browse/DRILL-6690
> Project: Apache Drill
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.14.0
> Reporter: Krystal
> Priority: Major
>
> Through restapi, non-admin users can access drill metrics data:
> {code:java}
> [root@mfs41 ~]# curl -b ~/.drill_cookies -k -H "Content-Type: application/json" -X GET https://10.10.10.000:8047/status/metrics
> {"version":"4.0.0","gauges":{"G1-Old-Generation.count":{"value":0},"G1-Old-Generation.time":{"value":0},"G1-Young-Generation.count":{"value":8},"G1-Young-Generation.time":{"value":329},"blocked.count":{"value":0},"count":{"value":28},"daemon.count":{"value":19},...
> {code}

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)