You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Jeff Sposetti (JIRA)" <ji...@apache.org> on 2015/10/14 17:40:06 UTC
[jira] [Updated] (AMBARI-11350) Finer-grained role AuthZ for Ambari
Users
[ https://issues.apache.org/jira/browse/AMBARI-11350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeff Sposetti updated AMBARI-11350:
-----------------------------------
Description:
Ambari to provider role-based access controls beyond today's Ambari Admin, Operator and Read-Only permissions.
|| Role || Description ||
| Read-only | This exists as of Ambari 1.7.0. Read-only view of cluster information, including configurations, service status and health alerts|
| *Service Administrator* | Provides control of service lifecycle (start/stop/restart/decomm/recom) |
| *Service Operator* | Service Admin + ability to re-configure (change/compare/revert), configure HA |
| *Cluster Administrator* | Service Operator + add/remove hosts and components (for existing services) |
| *Cluster Operator* | Cluster Administrator + enable/disable kerberos, modify alerts, add service, perform upgrade (renamed from Operator) |
| Ambari Admin | This exists as of Ambari 1.7.0. Full cluster control + manage user, groups and views and this flag is applicable to any user regardless of Role |
Each role is to have permissions as shown below:
|| ||Read-Only||Service\\Administrator||Service\\Operator||Cluster\\Administrator||Cluster\\Operator||Administrator||
||Service-level Permissions||
|View metrics |(+)|(+)|(+)|(+)|(+)|(+)|
|View status information |(+)|(+)|(+)|(+)|(+)|(+)|
|View configurations |(+)|(+)|(+)|(+)|(+)|(+)|
|Compare configurations |(+)|(+)|(+)|(+)|(+)|(+)|
|Start/Stop/Restart Service | |(+)|(+)|(+)|(+)|(+)|
|Decommission/recommission | |(+)|(+)|(+)|(+)|(+)|
|Run service checks | |(+)|(+)|(+)|(+)|(+)|
|Turn on/off maintenance mode | |(+)|(+)|(+)|(+)|(+)|
|Perform service-specific tasks| |(+)|(+)|(+)|(+)|(+)|
|Modify configurations | | |(+)|(+)|(+)|(+)|
|Manage configuration groups | | |(+)|(+)|(+)|(+)|
|Move to another host | | |(+)|(+)|(+)|(+)|
|Enable HA | | |(+)|(+)|(+)|(+)|
|Add Service to cluster | | | | |(+)|(+)|
||*Host-level Permissions*||
|View metrics |(+)|(+)|(+)|(+)|(+)|(+)|
|View status information |(+)|(+)|(+)|(+)|(+)|(+)|
|View configuration |(+)|(+)|(+)|(+)|(+)|(+)|
|Turn on/off maintenance mode | | | |(+)|(+)|(+)|
|Install components | | | |(+)|(+)|(+)|
|Add/Delete hosts | | | |(+)|(+)|(+)|
||Cluster-level Permissions||
|View metrics |(+)|(+)|(+)|(+)|(+)|(+)|
|View status information |(+)|(+)|(+)|(+)|(+)|(+)|
|View configuration |(+)|(+)|(+)|(+)|(+)|(+)|
|View stack version details |(+)|(+)|(+)|(+)|(+)|(+)|
|View alerts |(+)|(+)|(+)|(+)|(+)|(+)|
|Enable/disable alerts | | | | |(+)|(+)|
|Enable/disable Kerberos | | | | |(+)|(+)|
|Upgrade/downgrade stack | | | | |(+)|(+)|
||Ambari-level Permissions||
|Create new clusters | | | | | |(+)|
|Set service users and groups | | | | | |(+)|
|Rename clusters | | | | | |(+)|
|Manage users | | | | | |(+)|
|Manage groups | | | | | |(+)|
|Manage Ambari Views | | | | | |(+)|
|Assign permissions/roles | | | | | |(+)|
|Manage stack versions | | | | | |(+)|
|Edit stack repository URLs | | | | | |(+)|
was:
Ambari to provider role-based access controls beyond today's Ambari Admin, Operator and Read-Only permissions.
|| Role || Description ||
| Read-only | This exists as of Ambari 2.0. Read-only view of cluster information, including configurations, service status and health alerts|
| *Service Administrator* | Provides control of service lifecycle (start/stop/restart/decomm/recom) |
| *Service Operator* | Service Admin + ability to re-configure (change/compare/revert), configure HA |
| *Cluster Operator* | Service Operator + enable/disable kerberos, modify alerts, add service, perform upgrade |
| Operator | This exists as of Ambari 2.0. Full cluster control.|
| Ambari Admin | This exists as of Ambari 2.0. Full cluster control + manage user, groups and views and this flag is applicable to any user regardless of Role |
> Finer-grained role AuthZ for Ambari Users
> -----------------------------------------
>
> Key: AMBARI-11350
> URL: https://issues.apache.org/jira/browse/AMBARI-11350
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Jeff Sposetti
>
> Ambari to provider role-based access controls beyond today's Ambari Admin, Operator and Read-Only permissions.
> || Role || Description ||
> | Read-only | This exists as of Ambari 1.7.0. Read-only view of cluster information, including configurations, service status and health alerts|
> | *Service Administrator* | Provides control of service lifecycle (start/stop/restart/decomm/recom) |
> | *Service Operator* | Service Admin + ability to re-configure (change/compare/revert), configure HA |
> | *Cluster Administrator* | Service Operator + add/remove hosts and components (for existing services) |
> | *Cluster Operator* | Cluster Administrator + enable/disable kerberos, modify alerts, add service, perform upgrade (renamed from Operator) |
> | Ambari Admin | This exists as of Ambari 1.7.0. Full cluster control + manage user, groups and views and this flag is applicable to any user regardless of Role |
> Each role is to have permissions as shown below:
> || ||Read-Only||Service\\Administrator||Service\\Operator||Cluster\\Administrator||Cluster\\Operator||Administrator||
> ||Service-level Permissions||
> |View metrics |(+)|(+)|(+)|(+)|(+)|(+)|
> |View status information |(+)|(+)|(+)|(+)|(+)|(+)|
> |View configurations |(+)|(+)|(+)|(+)|(+)|(+)|
> |Compare configurations |(+)|(+)|(+)|(+)|(+)|(+)|
> |Start/Stop/Restart Service | |(+)|(+)|(+)|(+)|(+)|
> |Decommission/recommission | |(+)|(+)|(+)|(+)|(+)|
> |Run service checks | |(+)|(+)|(+)|(+)|(+)|
> |Turn on/off maintenance mode | |(+)|(+)|(+)|(+)|(+)|
> |Perform service-specific tasks| |(+)|(+)|(+)|(+)|(+)|
> |Modify configurations | | |(+)|(+)|(+)|(+)|
> |Manage configuration groups | | |(+)|(+)|(+)|(+)|
> |Move to another host | | |(+)|(+)|(+)|(+)|
> |Enable HA | | |(+)|(+)|(+)|(+)|
> |Add Service to cluster | | | | |(+)|(+)|
> ||*Host-level Permissions*||
> |View metrics |(+)|(+)|(+)|(+)|(+)|(+)|
> |View status information |(+)|(+)|(+)|(+)|(+)|(+)|
> |View configuration |(+)|(+)|(+)|(+)|(+)|(+)|
> |Turn on/off maintenance mode | | | |(+)|(+)|(+)|
> |Install components | | | |(+)|(+)|(+)|
> |Add/Delete hosts | | | |(+)|(+)|(+)|
> ||Cluster-level Permissions||
> |View metrics |(+)|(+)|(+)|(+)|(+)|(+)|
> |View status information |(+)|(+)|(+)|(+)|(+)|(+)|
> |View configuration |(+)|(+)|(+)|(+)|(+)|(+)|
> |View stack version details |(+)|(+)|(+)|(+)|(+)|(+)|
> |View alerts |(+)|(+)|(+)|(+)|(+)|(+)|
> |Enable/disable alerts | | | | |(+)|(+)|
> |Enable/disable Kerberos | | | | |(+)|(+)|
> |Upgrade/downgrade stack | | | | |(+)|(+)|
> ||Ambari-level Permissions||
> |Create new clusters | | | | | |(+)|
> |Set service users and groups | | | | | |(+)|
> |Rename clusters | | | | | |(+)|
> |Manage users | | | | | |(+)|
> |Manage groups | | | | | |(+)|
> |Manage Ambari Views | | | | | |(+)|
> |Assign permissions/roles | | | | | |(+)|
> |Manage stack versions | | | | | |(+)|
> |Edit stack repository URLs | | | | | |(+)|
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)