Posted to issues@ozone.apache.org by "Soumitra Sulav (Jira)" <ji...@apache.org> on 2022/05/03 12:38:00 UTC

[jira] [Created] (HDDS-6693) [MultiTenancy] User info should have limited access except for admin

Soumitra Sulav created HDDS-6693:
------------------------------------

             Summary: [MultiTenancy] User info should have limited access except for admin
                 Key: HDDS-6693
                 URL: https://issues.apache.org/jira/browse/HDDS-6693
             Project: Apache Ozone
          Issue Type: Bug
          Components: Ozone Manager
    Affects Versions: 1.3.0
            Reporter: Soumitra Sulav


Currently, the user info API can be accessed by any user, and even non-admin users can get the tenant information.
{code:java}
bash-4.2$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: testuser2/scm@EXAMPLE.COM

Valid starting     Expires            Service principal
05/03/22 12:33:03  05/04/22 12:33:03  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    renew until 05/10/22 12:33:03
bash-4.2$ ozone tenant user info testuser2 om testuser
User 'testuser2' is assigned to:
- Tenant 'tenantone' with accessId 'tenantone$testuser2'
User 'om' is assigned to:
- Tenant 'tenantone' with accessId 'tenantone$om'
User 'testuser' is assigned to:
- Tenant 'tenantone' delegated admin with accessId 'tenantone$testuser'
{code}
 

The information should be limited to the user principal session or only be allowed for the admin user.