Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.4.0
Description
SCM side currently doesn't support fine grained user access control. It can only tell if the user behinds a client is a admin or not. So for write operations in SCMClientProtocolServer and SCMBlockProtocolServer, only admins are allowed. For read operations, it doesn't have such check. The goal of the admin check is to prevent authorized user to start resource consuming actions or critical actions on SCM, such as add new scm, decommission scm, delete container, delete block, etc.