Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-3397

User with read only access can update the permissions of a notebook and gain write access

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 0.7.3
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None
    • Environment:

      Linux: Centos 7.2 

      HDP: 2.6.3 

      Zeppelin: 0.7.3 

      Description

      NOTE:  Less of an issue if we prevent user from accessing some of the UI....   https://issues.apache.org/jira/browse/ZEPPELIN-3396   (Tho I think the curl endpoints may also need to be updated) 

       

      Currently I have a notebook in which is own by the admin, in which user1 has "Read" access.

       As user1,  I can click on "Note permissions" and display the permissions.

       

      I then proceed to modify it and save it . 

       

      Then as user1,  I can actually go edit the paragraphs and run it after my permission has been updated.

        Attachments

        1. image-2018-04-09-12-09-49-994.png
          103 kB
          Ying Chen
        2. image-2018-04-09-12-09-27-992.png
          83 kB
          Ying Chen
        3. image-2018-04-09-12-08-39-371.png
          81 kB
          Ying Chen

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              ying1 Ying Chen
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: