You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@falcon.apache.org by "Balu Vellanki (JIRA)" <ji...@apache.org> on 2014/08/04 06:37:12 UTC
[jira] [Issue Comment Deleted] (FALCON-466) REST APIs must add the
entity owner as an implicit filter
[ https://issues.apache.org/jira/browse/FALCON-466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Balu Vellanki updated FALCON-466:
---------------------------------
Comment: was deleted
(was: This patch should be applied in sequence, after patches provided under Falcon JIRA-470 named falcon-470-471-472-473.patch, Falcon JIRA-504 named Falcon-Jira-504.patch, and Falcon JIRA-466 patch named Falcon-Jira-466.v2.patch.)
> REST APIs must add the entity owner as an implicit filter
> ---------------------------------------------------------
>
> Key: FALCON-466
> URL: https://issues.apache.org/jira/browse/FALCON-466
> Project: Falcon
> Issue Type: Sub-task
> Components: webapp
> Affects Versions: 0.6
> Reporter: Venkatesh Seetharam
> Assignee: Balu Vellanki
> Labels: authorization, security
> Fix For: 0.6
>
> Attachments: Falcon-Jira-466.v2.patch
>
>
> Implement authorization for entity actions. Entity created by one user should not be updated/deleted by another user. Entity operations will only apply for the entities owned by that user.
> Entity and instance operations must add the authenticated user/owner as an implicit filter so the user operates on only his entities. For example: List will return entities belonging to the authenticated user, lifecycle operations such as delete/kill/suspend/resume/etc. are only applicable to the owner of the entity.
--
This message was sent by Atlassian JIRA
(v6.2#6252)