You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Keta Patel (JIRA)" <ji...@apache.org> on 2017/04/17 14:10:41 UTC

[jira] [Updated] (AMBARI-20768) Local Ambari user with no cluster role must not be able to access Logsearch UI

     [ https://issues.apache.org/jira/browse/AMBARI-20768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Keta Patel updated AMBARI-20768:
--------------------------------
    Summary: Local Ambari user with no cluster role must not be able to access Logsearch UI  (was: Local Ambari user with no cluster role can access Logsearch UI)

> Local Ambari user with no cluster role must not be able to access Logsearch UI
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-20768
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20768
>             Project: Ambari
>          Issue Type: Bug
>          Components: logsearch
>    Affects Versions: trunk, 2.5.0
>            Reporter: Keta Patel
>            Assignee: Keta Patel
>
> Ambari admin and local Ambari user with no cluster roles assigned to it are able to successfully log into Logsearch UI.
> However, when the local user is assigned some cluster role, that user is not able to log into Logsearch UI.
> As a fix to access the Logsearch UI by the cluster roles, the property "logsearch.roles.allowed" is added under Log Search->configs->Advanced->Custom logsearch-properties. This value of this property is a comma-separated list of the cluster roles allowed to log into Logsearch UI. As a result of this, the local ambari users having the corresponding roles are now able to log into Logsearch UI, but Ambari admins show unsuccessful login.
> On removing the "logsearch.roles.allowed" property, all Ambari admins, local users with NO roles assigned are able to successfully log into Logsearch UI, but users with some cluster roles assigned to them are not allowed to login.
> The following behavior is what is required:
> - Ambari Admins must be able to successfully log into Logsearch UI regardless of whether the "logsearch.roles.allowed" property has been added or not.
> - All local users with NO roles assigned to them must NOT be able to log into the Logsearch UI. This behavior is seen after adding the "logsearch.roles.allowed" property, but not before that. Ideally, those users must not be able to log into Logsearch UI regardless of whether the "logsearch.roles.allowed" was added or not.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)