Posted to issues@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2016/06/17 10:13:05 UTC

[jira] [Created] (AMBARI-17292) Operations during upgrade are permitted by all roles

Andrew Onischuk created AMBARI-17292:
----------------------------------------

             Summary: Operations during upgrade are permitted by all roles
                 Key: AMBARI-17292
                 URL: https://issues.apache.org/jira/browse/AMBARI-17292
             Project: Ambari
          Issue Type: Bug
            Reporter: Andrew Onischuk
            Assignee: Andrew Onischuk
             Fix For: 2.4.0
         Attachments: AMBARI-17292.patch

ambari-server --hash  
9a2943ba77371f1c20b4f3da900abb7c2e89d22b  
Build# ambari-server-2.4.0.0-591.x86_64

**Steps**

  1. Create user with different roles like Cluster User, Service Administrator etc.
  2. Log in as Ambari admin user and start Express Upgrade (register version, install packages and start EU)
  3. Pause the Upgrade at any step that requires manual intervention (like stop YARN queue or backup DB or even at Finalize step)
  4. Log out and log in as cluster user

**Result**:  
The logged-in user has complete access to the Upgrade Wizard and can resume
the upgrade, and can also perform actions like Downgrade, 'Ignore and Proceed', 'Retry'.

The same is true for other roles like service administrator too, both during
upgrade and downgrade.

**Expected Result:** Only Ambari Admin and Cluster Admin should be permitted to perform actions during cluster upgrade

Screenshots attached for reference while logged in as cluster user role
(cluser)

Another observation: While the upgrade is in progress, log in in a different
session as cluster user - the cluster user can view the upgrade wizard in
exactly the same way as admin




