revoke all command results in entities which cannot be accessed or deleted by anyone
Description
Release Notes
None
Activity
Show:
Rohit Sinha September 20, 2017 at 4:11 AM
With this new auth model and direction, we are going to (no privilege management in CDAP) this is not applicable anymore.
Rohit Sinha June 6, 2017 at 8:37 PM
Initially, we had a superuser but we dropped it as it was a security loophole.
Yaojie Feng June 6, 2017 at 8:20 PM
This will not only happen on revoke all. If some user accidentally revokes ADMIN on the entity and no one else has the ADMIN privilege, then that entity cannot be deleted/updated. I agree with Ali that a superuser should be able to grant privileges on an entity if no ADMIN privilege is on the entity.
Ali Anwar June 2, 2017 at 12:58 AM
One possible fix would be to have a superuser that can always grant privileges on an entity, even if the entity currently has no privileges on it.
Won't Fix
Pinned fields
Click on the next to a field label to start pinning.
Created March 17, 2017 at 8:27 PM
Updated September 20, 2017 at 4:11 AM
Resolved September 19, 2017 at 4:55 PM
We support revoking all privileges from an entity which we use internally to drop all privileges for an entity when an entity is deleted.
If a user uses this command then we end up deleting all privileges for the entity and we have an entity in cdap on which no one has any privilege
We should either:
1. Disallow this command if the entity exists
2. Not expose this operation to users at all