You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Srimanth Gunturi (JIRA)" <ji...@apache.org> on 2015/06/02 22:51:50 UTC
[jira] [Commented] (AMBARI-11628) Ambari operator (non-admin) is
not able to view service configs
[ https://issues.apache.org/jira/browse/AMBARI-11628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14569739#comment-14569739 ]
Srimanth Gunturi commented on AMBARI-11628:
-------------------------------------------
We do not allow non-admins to do POST calls.... which causes problem here as calls to {{/api/v1/stacks/HDP/versions/2.3/recommendations}} and {{/api/v1/stacks/HDP/versions/2.3/validations}} are POST calls,
The fix is to allow authenticated non-admins to do POST calls only to the above 2 endpoints.
This should be OK as the resources are not actually persisted.
It turns out that in AMBARI-7329 already allowed POST calls for non-operators to /validations endpoint.
So this JIRA is just adding /recommendations also.
> Ambari operator (non-admin) is not able to view service configs
> ---------------------------------------------------------------
>
> Key: AMBARI-11628
> URL: https://issues.apache.org/jira/browse/AMBARI-11628
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.1.0
> Reporter: Srimanth Gunturi
> Assignee: Srimanth Gunturi
> Fix For: 2.1.0
>
>
> Login to Ambari as an operator only (non-admin) and going to any service configs results in a 403 Forbidden response and an automatic logout of the user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)