[RANGER-480] Need access control on REST API based on permission model - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.5.0
Fix Version/s: 0.5.0
Component/s: admin
Labels:
None

Description

Need to put access control on REST API
If a non-admin user has no permission to a particular module say "Audit" but the group to which he belongs has permission that module, then give access to that non-admin user. User permissions is a union of his and his group permissions.

Use-cases to be covered:
Get AuditLogs (user-with-no-permission) GET service/assets/accessAudit
Update user permission (non-admin) POST service/xusers/permission/user
Update group permission (non-admin) POST service/xusers/permission/group

Attachments

Issue Links

links to

Review request link

Activity

People

Assignee:: Pradeep Agrawal

Reporter:: Gautam Borad

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/May/15 08:41

Updated:: 20/May/16 13:21

Resolved:: 20/May/16 13:21