  1. Ambari
  2. AMBARI-21016

RBAC: Ambari should be sensitive to the change of login user's permissions.

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Won't Fix
    • 2.5.0
    • 2.5.1
    • ambari-web
    • None

    Description

      Steps to reproduce:
      1. Log in to Ambari with the Ambari administrator role and create a user named Test on host A.
      2. Assign the service administrator role (or any other one of the five roles) to this user Test.
      3. On host B, log in to Ambari as user Test. Now it plays the service administrator role.
      4. On host A, unassign the role of user Test, or change the role to another one, or even delete this user.
      5. On host B, we will find that the user Test can continue to operate Ambari with the previous permissions as a service administrator, which have actually already been changed by step 4.

      Besides two different hosts, we can also reproduce this problem between two different browsers on the local host.

      One solution:
      Periodically schedule a task to update the current user's authorization. If we receive an unauthorized access exception, or even if the user is deleted, we should log off the current user.

      Attachments

        1. AMBARI-21016.patch
          2 kB
          Lei Yao
        2. AMBARI-21016.1.patch
          6 kB
          Lei Yao
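
The stale-permission behaviour from the steps above, next to a check that re-reads the user record, as an added sketch that is not Ambari code and not taken from the attached patches. The in-memory `users` and `sessions` maps, the role strings and all function names are hypothetical, and the recheck runs on every request rather than on the periodic timer the description proposes.

```javascript
// Constructed in-memory stand-ins; all names are hypothetical, not Ambari's API.
const users = new Map();    // username -> { role, version }
const sessions = new Map(); // sessionId -> { username, role, version }

function setRole(username, role) {
  const prev = users.get(username);
  users.set(username, { role, version: prev ? prev.version + 1 : 1 });
}

function login(sessionId, username) {
  const u = users.get(username);
  if (!u) throw new Error('unknown user');
  // The role is copied into the session once, at login time.
  sessions.set(sessionId, { username, role: u.role, version: u.version });
}

// Behaviour from the report: trust the snapshot taken at login.
function authorizeCached(sessionId, requiredRole) {
  const s = sessions.get(sessionId);
  return s !== undefined && s.role === requiredRole;
}

// Recheck the user record on every request; end the session if the user is gone.
function authorizeRevalidated(sessionId, requiredRole) {
  const s = sessions.get(sessionId);
  if (!s) return { allowed: false, reason: 'no-session' };
  const u = users.get(s.username);
  if (!u) {
    sessions.delete(sessionId); // forced log-off for a deleted user
    return { allowed: false, reason: 'user-deleted' };
  }
  if (u.version !== s.version) Object.assign(s, u); // refresh stale snapshot
  return s.role === requiredRole
    ? { allowed: true, reason: 'ok' }
    : { allowed: false, reason: 'forbidden' };
}

// Steps 1-5 of the report, with 'browser-B' as the session on host B.
function demo() {
  users.clear(); sessions.clear();
  setRole('Test', 'service-administrator');
  login('browser-B', 'Test');
  setRole('Test', 'other-role'); // step 4: role changed elsewhere
  const stale = authorizeCached('browser-B', 'service-administrator');
  const fresh = authorizeRevalidated('browser-B', 'service-administrator');
  users.delete('Test'); // step 4 variant: user deleted
  const afterDelete = authorizeRevalidated('browser-B', 'other-role');
  return { stale, fresh, afterDelete, sessionAlive: sessions.has('browser-B') };
}
```

`demo()` shows the cached check still granting the old role after the change, while the revalidated check denies it and drops the session once the user is deleted.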

            People

              yaolei Lei Yao
              yaolei Lei Yao