Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-7404

Authorization for program run by schedules

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.0
    • Fix Version/s: 3.5.2
    • Component/s: Security, Workflow
    • Labels:
      None
    • Release Notes:
      Added authorization for schedules in CDAP.
    • Rank:
      1|hzzmtz:

      Description

      In our current security model we don't have any authorization enforcement when an schedule is resumed. This is a security loophole in in authorization enabled cluster in a scenario where an user has READ privilege on a program allowing him to see the program. This user can now resume the schedule and the program will run since during the runtime the program runs as cdap user or the user for the impersonated namespace incase of impersonated namespace.

        Attachments

          Activity

            People

            • Assignee:
              rsinha Rohit Sinha
              Reporter:
              rsinha Rohit Sinha
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: