Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
2.5.0
Description
When I create a new user from Ambari UI and let’s say give him ‘Cluster User’ role; later go to Users page it shows the permissions as seen in the screenshot
The UI display is fine, however when I make an API call like below
/api/v1/users/tom/privileges?fields=*
It shows three entries for each auto_<view>_instance privilege. As an example: for ‘AUTO_FILES_INSTANCE’ I see three entries like:
api/v1/users/tom/privileges/6
api/v1/users/tom/privileges/56
api/v1/users/tom/privileges/106
and so on, so we have 16 entries (One for Cluster.User + 3 * privileges for each of five View instances)
The same behavior is seen for groups too like: /api/v1/groups/gp1/privileges?fields=*
Example
It is expected that only one of the following rows exists:
ambaricustom=> select * from adminprivilege where privilege_id in (6, 56, 106);
privilege_id | permission_id | resource_id | principal_id
--------------+---------------+-------------+--------------
6 | 4 | 54 | 8
56 | 4 | 54 | 8
106 | 4 | 54 | 8
(3 rows)
- permission_id (4): VIEW.USER
- resource_id (54): AUTO_FILES_INSTANCE
- principal_id (8): CLUSTER.USER
Cause
When Ambari server restarts, it installs the automatically created view instances without first checking to see if they have been previously created. Each restart of Ambari server will create a new set of duplicated records.
Attachments
Attachments
Issue Links
- links to
