[jira] [Created] (FLINK-10497) More fine grained control over access to REST endpoints
Till Rohrmann created FLINK-10497:
Summary: More fine grained control over access to REST endpoints
Issue Type: Improvement
Affects Versions: 1.7.0
Reporter: Till Rohrmann
At the moment, the REST endpoint can be secured by configuring mutual authentication. This, however, defines the access for all available REST calls (reads as well as writes). In some situations, it is desired that only the write calls are access-restricted whereas the read accesses are permitted (e.g. no job submission but the web UI can display the cluster state).
A solution could be to specify ACLs for the different REST calls. This would allow disabling state-changing operations like cancelling a job from the web UI, for example. Moreover, it could allow specifying different rights for different users.
An alternative could be to separate the REST calls relevant for the web UI (read operations) from the cluster-state-changing REST calls. By allowing different security configurations (e.g. endpoint with read operations is not secured whereas the endpoint with write operations is secured), one could effectively achieve the same.
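
The per-call ACL idea from the issue, sketched as an added example (not part of the original issue and not Flink code). The route table, the principal names and the use of a client-certificate subject as the identity are assumptions made for illustration; permissions are assigned per route rather than per HTTP method, so a GET that changes state still requires write access.

```python
import re

# Constructed route table (illustrative, not Flink's actual handler list).
# Each rule: (HTTP method, path regex, permission required).
# Rules are explicit per route: a state-changing GET must still need "write".
RULES = [
    ("GET",   r"/jobs/overview",              "read"),
    ("GET",   r"/jobs/[0-9a-f]+",             "read"),
    ("GET",   r"/jobs/[0-9a-f]+/yarn-cancel", "write"),  # GET that changes state
    ("PATCH", r"/jobs/[0-9a-f]+",             "write"),  # cancel a job
    ("POST",  r"/jars/upload",                "write"),  # job submission
]

# Hypothetical principals: None = unauthenticated caller (e.g. the web UI),
# other keys = subject taken from a verified client certificate.
GRANTS = {
    None: {"read"},
    "CN=ops-deployer": {"read", "write"},
    "CN=dashboard": {"read"},
}


def required_permission(method, path):
    """Return the permission a call needs, or None if no rule matches."""
    for rule_method, pattern, permission in RULES:
        # fullmatch: extra path segments never inherit a shorter rule.
        if method.upper() == rule_method and re.fullmatch(pattern, path):
            return permission
    return None


def authorize(principal, method, path):
    """Default deny: unknown routes and unknown principals are rejected."""
    needed = required_permission(method, path)
    if needed is None:
        return False
    return needed in GRANTS.get(principal, set())
```
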