[jira] [Commented] (ACCUMULO-677) Remove (deprecate) createUser call with authorizations argument

Mon, 30 Jul 2012 08:29:37 -0700 

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13424913#comment-13424913
 ] 

Christopher Tubbs commented on ACCUMULO-677:
--------------------------------------------

Why should they depend on a different ACL? Grant/Revoke was intended to be an 
"ALTER USER" ACL, whereas Create User was intended to be a "CREATE USER" ACL, 
and this would *include* creating the initial authorizations. When you view 
separate it as "CREATE" and "ALTER" on the object "USER", it makes complete 
sense in an object oriented way. Separating them makes less sense, because it 
treats "CREATE USER" and "ALTER USER" as two completely independent actions, 
completely ignoring the common object you are manipulating ("USER").

If you implemented the above, then to create a fully functioning user, you'd 
have to have two separate permissions. I understand the desire to change the 
API to match this paradigm, if you were to desire to switch to it, but I 
personally think that leaving the "CREATE USER" and "ALTER USER" paradigm in 
place is better. That said... without deprecating or changing the 
"CREATE"/"ALTER" paradigm, you could add to the API a method to create a user 
without authorizations (unless that already exists).
                
> Remove (deprecate) createUser call with authorizations argument
> ---------------------------------------------------------------
>
>                 Key: ACCUMULO-677
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-677
>             Project: Accumulo
>          Issue Type: Bug
>          Components: client
>    Affects Versions: 1.4.1, 1.4.2
>            Reporter: John Vines
>            Assignee: John Vines
>             Fix For: 1.5.0
>
>
> Creating a user depends on a different ACL than granting Authorizations. If 
> the user can do one, but not the other it will still create the user but 
> float back an error. This can be confusing to end users, so I think we should 
> isolate createUser to just creating the user. They can then be granted 
> authorizations as need be.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to