You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Pradeep Agrawal (JIRA)" <ji...@apache.org> on 2016/05/20 13:21:12 UTC
[jira] [Commented] (RANGER-480) Need access control on REST API
based on permission model
[ https://issues.apache.org/jira/browse/RANGER-480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15293341#comment-15293341 ]
Pradeep Agrawal commented on RANGER-480:
----------------------------------------
* Get AuditLogs (user-with-no-permission) GET service/assets/accessAudit : Audit logs can not be fetched if user do not have permission in audit module
* Update user permission (non-admin) POST service/xusers/permission/user : non admin user can not update users permissions
* Update group permission (non-admin) POST service/xusers/permission/group : non admin user can not update groups permissions
> Need access control on REST API based on permission model
> ---------------------------------------------------------
>
> Key: RANGER-480
> URL: https://issues.apache.org/jira/browse/RANGER-480
> Project: Ranger
> Issue Type: Task
> Components: admin
> Affects Versions: 0.5.0
> Reporter: Gautam Borad
> Assignee: Pradeep Agrawal
> Fix For: 0.5.0
>
>
> *Need to put access control on REST API*
> If a non-admin user has no permission to a particular module say "Audit" but the group to which he belongs has permission that module, then give access to that non-admin user. User permissions is a union of his and his group permissions.
> *Use-cases to be covered:*
> Get AuditLogs (user-with-no-permission) GET service/assets/accessAudit
> Update user permission (non-admin) POST service/xusers/permission/user
> Update group permission (non-admin) POST service/xusers/permission/group
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)