You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2017/05/01 09:01:04 UTC

[jira] [Updated] (AMBARI-20874) Add (optional) role to Request resource to indicate appropriate access to input data

     [ https://issues.apache.org/jira/browse/AMBARI-20874?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-20874:
----------------------------------
    Description: 
Mask the data for sensitive fields and properties in Request resource responses to protect that data.

{{org.apache.ambari.server.utils.SecretReference#maskPasswordInPropertyMap}} is used {{org.apache.ambari.server.controller.internal.StageResourceProvider}} to protected sensitive data.  The same technique should be used in {{org.apache.ambari.server.controller.internal.RequestResourceProvider}}.

  was:
 Add (optional) role to Request resource to indicate appropriate access to input data. 

The Request resource contains the following information:
* {{action}} (name)
* {{context}} (description)
* {{parameters}} (name/value pairs)

Information within the {{parameters}}  may not suitable for all to have access.  By adding a set of one of more roles that should be allowed to access this data, a layer of protection may be added to keep potentially sensitive information safe. 

Users with the Ambari Administrator role will have access to the data regardless of the specified role set.

The set of roles is optional. If not set, the data will be open to any authenticated user. This is the current behavior.




> Add (optional) role to Request resource to indicate appropriate access to input data
> ------------------------------------------------------------------------------------
>
>                 Key: AMBARI-20874
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20874
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.2.2
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>             Fix For: 3.0.0, 2.5.1, 2.4.3
>
>
> Mask the data for sensitive fields and properties in Request resource responses to protect that data.
> {{org.apache.ambari.server.utils.SecretReference#maskPasswordInPropertyMap}} is used {{org.apache.ambari.server.controller.internal.StageResourceProvider}} to protected sensitive data.  The same technique should be used in {{org.apache.ambari.server.controller.internal.RequestResourceProvider}}.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)