[AMBARI-20768] Local Ambari user with no cluster role must not be able to access Logsearch UI - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: trunk, 2.5.0
Fix Version/s: 2.5.1
Component/s: logsearch
Labels:
None

Description

A local Ambari user with no cluster roles assigned to it can successfully log into the Logsearch UI.

Logsearch service exercises restriction on who can access its UI using a property "logsearch.roles.allowed". This property is a comma-separated list of roles to be allowed access to Logsearch UI. This defect deals with the following issue:
1. If Logsearch service requires that only certain roles be allowed to access its UI, then a local Ambari user with no roles must not be allowed to access the UI.

DESIRED BEHAVIOR:
=================
1. A local user with no role assigned to it, must not be able to access Logsearch UI.

Note: The description has been updated by removing the aspect of correcting the behavior for Ambari Administrator role for the Logsearch UI.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-20768_branch-2.5_updated.patch
20/Apr/17 05:27
1 kB
Keta Patel
AMBARI-20768_branch-2.5.0.patch
18/Apr/17 05:32
2 kB
Keta Patel
all_tests_successful.png
18/Apr/17 05:12
25 kB
Keta Patel

Issue Links

links to

ReviewBoard

Activity

People

Assignee:: Keta Patel

Reporter:: Keta Patel

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 14/Apr/17 07:08

Updated:: 16/Feb/18 13:15

Resolved:: 20/Apr/17 11:40