Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-11809

Services in master use RemoteAuthorizationEnforcer

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 4.2.0
    • Fix Version/s: 4.3.0, 4.2.1
    • Component/s: Security
    • Labels:
      None
    • Rank:
      1|i0038f:

      Description

      Services running on master are using RemoteAuthorizationEnforcer, which should use DefaultAuthorizationEnforcer.

      Steps to reproduce:
      1. In cdap cli, log in as super user,
      2. create a namespace
      3. grant action READ/WRITE/ADMIN/EXECUTE on the namespace to user alice.
      4. Changing user to alice and listing the namespaces does not return the namespace. The grant action does not take effect at once, still need to wait for the cache timeout.

      Relates to https://issues.cask.co/browse/CDAP-11793

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                yaojie Yaojie Feng
                Reporter:
                yaojie Yaojie Feng
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: