atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nixon Rodrigues (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (ATLAS-2009) Any non-admin user in users-credentials.properties is able to access /api/atlas/admin path
Date Mon, 07 Aug 2017 06:24:00 GMT

     [ https://issues.apache.org/jira/browse/ATLAS-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Nixon Rodrigues reassigned ATLAS-2009:
--------------------------------------

         Assignee: Nixon Rodrigues
    Fix Version/s: 0.8.1-incubating
                   0.9-incubating

> Any non-admin user in users-credentials.properties is able to access /api/atlas/admin
path
> ------------------------------------------------------------------------------------------
>
>                 Key: ATLAS-2009
>                 URL: https://issues.apache.org/jira/browse/ATLAS-2009
>             Project: Atlas
>          Issue Type: Bug
>          Components:  atlas-core
>            Reporter: Sharmadha Sainath
>            Assignee: Nixon Rodrigues
>            Priority: Critical
>             Fix For: 0.9-incubating, 0.8.1-incubating
>
>         Attachments: ATLAS-2009.patch
>
>
> Any non-admin user (ex: rangertagsync) specified in conf/users-credentials.properties
is able to access the /api/atlas/admin path. Is this expected ?
> One of the use cases is Export and Import API's ,which should be permitted only by admin
user to be executed. But any user is able to execute it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message