Role-based data separation
See https:/
Problem
-------------
We realized towards the end of Liberty that scrubbing fields from the output is not completely enough to guarantee isolation of information; it's possible to construct queries on fields that are meant to be hidden that would allow a malicious/curious non-administrative user to locate information by guessing search terms; for instance, OS-EXT-
{"query": {"range": {"OS-EXT-
will allow a binary search until host names are discovered; it's relatively easy to do that programmatically.
See https:/
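An added illustration, not code from the blueprint or from Searchlight: a small in-memory stand-in for a search index showing why scrubbing output alone leaks through the hit set, and how indexing a separate document per role closes that channel. The field name `hidden_host`, the sample servers and all function names are constructed for this example.

```python
# Constructed sample data; "hidden_host" is a hypothetical admin-only field.
ADMIN_ONLY = {"hidden_host"}

SERVERS = [
    {"id": "s1", "name": "web", "hidden_host": "compute-07"},
    {"id": "s2", "name": "db", "hidden_host": "compute-19"},
]


def in_range(doc, field, gte, lt):
    """Minimal stand-in for a search engine range query on one field."""
    value = doc.get(field)
    return value is not None and gte <= value < lt


def search_scrub_only(docs, field, gte, lt):
    """Output scrubbing: match on the full document, hide fields afterwards.
    The hidden value is gone from the result, but the hit itself confirms
    that the value fell inside the queried range."""
    hits = [d for d in docs if in_range(d, field, gte, lt)]
    return [{k: v for k, v in d.items() if k not in ADMIN_ONLY} for d in hits]


def build_role_index(docs):
    """Role separation: index one copy per role. The user copy never
    contains admin-only fields, so no query can match on them."""
    index = []
    for d in docs:
        index.append({**d, "_role": "admin"})
        user_copy = {k: v for k, v in d.items() if k not in ADMIN_ONLY}
        index.append({**user_copy, "_role": "user"})
    return index


def search_by_role(index, role, field, gte, lt):
    """Restrict to the caller's role first, then evaluate the caller's query."""
    visible = [d for d in index if d["_role"] == role]
    hits = [d for d in visible if in_range(d, field, gte, lt)]
    return [{k: v for k, v in d.items() if k != "_role"} for d in hits]
```

With scrubbing only, a range query on the hidden field still returns `s1`, which tells the caller the hidden value lies in that range; against the role-separated index the same query from a non-admin returns nothing, while queries on visible fields behave as before.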
Blueprint information
- Status: Complete
- Approver: Travis Tripp
- Priority: Essential
- Drafter: Steve McLellan
- Direction: Approved
- Assignee: Steve McLellan
- Definition: Approved
- Series goal: Accepted for mitaka
- Implementation: Implemented
- Milestone target: mitaka-2
- Started by: Travis Tripp
- Completed by: Steve McLellan
Whiteboard
[TravT] I think that most of the description above should be changed to a couple of summary sentences with a link to the spec review you submitted.
https:/
Gerrit topic: https:/
Addressed by: https:/
WIP Separate documents by role
Addressed by: https:/
Only evaluate RBAC filter for current request