You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Oleg Nechiporenko (JIRA)" <ji...@apache.org> on 2014/11/06 14:05:33 UTC

[jira] [Created] (AMBARI-8181) Non-cluster operator can access "Admin" tab content by going to /#/main/admin

Oleg Nechiporenko created AMBARI-8181:
-----------------------------------------

             Summary: Non-cluster operator can access "Admin" tab content by going to /#/main/admin
                 Key: AMBARI-8181
                 URL: https://issues.apache.org/jira/browse/AMBARI-8181
             Project: Ambari
          Issue Type: Bug
          Components: ambari-web
    Affects Versions: 1.7.0
            Reporter: Oleg Nechiporenko
            Assignee: Oleg Nechiporenko
             Fix For: 1.7.0


Log in as a user with "cluster use" but no "cluster operate" privilege.
In the browser, type /#/main/admin.
The user can access the content of Admin tab and is able to partially run Security Wizard (though the user cannot cause damage).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)