[ATLAS-2009] Any non-admin user in users-credentials.properties is able to access /api/atlas/admin path - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.8.1, 1.0.0
Component/s: atlas-core
Labels:
None

Description

Any non-admin user (ex: rangertagsync) specified in conf/users-credentials.properties is able to access the /api/atlas/admin path. Is this expected ?
One of the use cases is Export and Import API's ,which should be permitted only by admin user to be executed. But any user is able to execute it.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ATLAS-2009.patch
01/Aug/17 14:52
1 kB
Nixon Rodrigues

Activity

People

Assignee:: Nixon Rodrigues

Reporter:: Sharmadha S

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 31/Jul/17 08:57

Updated:: 07/Aug/17 06:23

Resolved:: 07/Aug/17 06:23