You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Oleg Nechiporenko (JIRA)" <ji...@apache.org> on 2014/11/06 14:05:33 UTC
[jira] [Created] (AMBARI-8181) Non-cluster operator can access
"Admin" tab content by going to /#/main/admin
Oleg Nechiporenko created AMBARI-8181:
-----------------------------------------
Summary: Non-cluster operator can access "Admin" tab content by going to /#/main/admin
Key: AMBARI-8181
URL: https://issues.apache.org/jira/browse/AMBARI-8181
Project: Ambari
Issue Type: Bug
Components: ambari-web
Affects Versions: 1.7.0
Reporter: Oleg Nechiporenko
Assignee: Oleg Nechiporenko
Fix For: 1.7.0
Log in as a user with "cluster use" but no "cluster operate" privilege.
In the browser, type /#/main/admin.
The user can access the content of Admin tab and is able to partially run Security Wizard (though the user cannot cause damage).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)