
[jira] [Created] (FLINK-10497) More fine grained control over access to REST endpoints

Till Rohrmann created FLINK-10497:

             Summary: More fine grained control over access to REST endpoints
                 Key: FLINK-10497
                 URL: https://issues.apache.org/jira/browse/FLINK-10497
             Project: Flink
          Issue Type: Improvement
          Components: REST
    Affects Versions: 1.7.0
            Reporter: Till Rohrmann

At the moment, the REST endpoint can be secured by configuring mutual authentication. This, however, defines the access for all available REST calls (reads as well as writes). In some situations, it is desired that only the write calls are access restricted whereas the read accesses are permitted (e.g. no job submission but the web UI can display the cluster state).

A solution could be to specify ACLs for the different REST calls. This would allow disabling state-changing operations like cancelling a job from the web UI, for example. Moreover, it could allow specifying different rights for different users.

An alternative could be to separate the REST calls relevant for the web UI (read operations) from the cluster state changing REST calls. By allowing different security configurations (e.g. endpoint with read operations is not secured whereas the endpoint with write operations is secured) one could effectively achieve the same.

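A sketch of the per-call ACL idea described in the issue, added here as an example and not taken from Flink or from the issue author. The policy format, role names, certificate subjects and request paths are all assumptions made for illustration; the point shown is first-match rules with default deny, so that reads stay open while any write call not explicitly granted stays closed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    methods: frozenset   # HTTP methods the rule covers
    path: re.Pattern     # pattern that must match the whole request path
    roles: frozenset     # roles allowed to make the call

def rule(methods, path, roles):
    return Rule(frozenset(methods.split()), re.compile(path), frozenset(roles.split()))

# Hypothetical policy: the first matching rule decides, unmatched calls are denied.
POLICY = [
    rule("PATCH", r"/jobs/[0-9a-f]+", "operator"),          # e.g. cancelling a job
    rule("POST DELETE", r"/jars(/.*)?", "operator"),        # e.g. job submission
    rule("GET HEAD", r"/.*", "anonymous viewer operator"),  # read-only cluster state
]

# Hypothetical mapping from the subject of a mutually authenticated
# client certificate to roles (constructed sample identities).
CERT_ROLES = {"CN=deploy-bot": {"operator"}, "CN=dashboard": {"viewer"}}

def roles_for(cert_subject):
    """Callers without a known certificate only hold the 'anonymous' role."""
    return {"anonymous"} | CERT_ROLES.get(cert_subject, set())

def is_allowed(method, path, cert_subject=None):
    path = path.split("?", 1)[0]   # the query string never affects the decision
    for r in POLICY:
        if method.upper() in r.methods and r.path.fullmatch(path):
            return bool(r.roles & roles_for(cert_subject))
    return False                   # default deny: unlisted write calls stay closed

if __name__ == "__main__":
    # Constructed sample requests: (method, path, client certificate subject)
    samples = [
        ("GET", "/jobs/overview", None),
        ("PATCH", "/jobs/ab12?mode=cancel", None),
        ("PATCH", "/jobs/ab12?mode=cancel", "CN=deploy-bot"),
        ("POST", "/jars/upload", "CN=dashboard"),
        ("POST", "/jobs/ab12/savepoints", "CN=deploy-bot"),  # no rule: denied
    ]
    for method, path, subject in samples:
        verdict = "allow" if is_allowed(method, path, subject) else "deny"
        print(f"{verdict:5} {method:5} {path} ({subject or 'no client cert'})")
```

The last sample shows the cost of default deny: a state-changing call that nobody listed is refused even for an operator until a rule is added, which is the safer failure direction for the read/write split the issue asks for.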