Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-7237

Granting read,write access also adds admin access

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.0
    • Fix Version/s: 3.5.1
    • Component/s: Security
    • Labels:
      None
    • Release Notes:
      Prevented accidental grant of additional actions to a user as part of a grant operation when using Apache Sentry as the authorization provider.
    • Rank:
      1|hzzllj:

      Description

      When granting read/write access to a user, admin gets added to the permission list as well.

      > list privileges for user rsinha
      +=================+
      | Entity | Action |
      +=================+
      +=================+
      
      > grant actions READ,WRITE on entity namespace:default to user rsinha
      Successfully granted action(s) 'READ,WRITE' on entity 'namespace:default' to USER 'rsinha'
      
      > list privileges for user rsinha
      +============================+
      | Entity            | Action |
      +============================+
      | namespace:default | WRITE  |
      | namespace:default | READ   |
      | namespace:default | ADMIN  |
      +============================+
      

        Attachments

          Activity

            People

            • Assignee:
              bhooshan Bhooshan Mogal
              Reporter:
              mattwuenschel Matt Wuenschel
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: