[ https://issues.apache.org/jira/browse/ACCUMULO-677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13426322#comment-13426322 ]

Christopher Tubbs commented on ACCUMULO-677:
--------------------------------------------

I'm all in favor of adding a more robust administrative set of permissions, to 
delegate the role of user management away from the root user. However, I think 
separating these out in the way you've suggested implies you're treating 
"authorization" as an independent object, disconnected from the user (but 
perhaps with a user property that gives it some meaning). I don't think that's 
the right approach in a user-centric model. It should be 
create/alter/delete/manage user... not create/alter/delete/manage authorization 
(with user attribute). Users and authorizations really aren't a separable 
concept, and I think it complicates things when you move away from 
authorizations as separate objects. (NOTE: I'm just talking about API here, not 
underlying implementation... I think the API should reflect a user-centric 
management model).
                
> Remove (deprecate) createUser call with authorizations argument
> ---------------------------------------------------------------
>
>                 Key: ACCUMULO-677
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-677
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: client
>    Affects Versions: 1.4.1, 1.4.2
>            Reporter: John Vines
>            Assignee: John Vines
>            Priority: Minor
>              Labels: acl, alter, api, create, permissions, security, user
>             Fix For: 1.5.0
>
>
> Creating a user depends on a different ACL than granting Authorizations. If 
> the user can do one, but not the other, it will still create the user but 
> float back an error. This can be confusing to end users, so I think we should 
> isolate createUser to just creating the user. They can then be granted 
> authorizations as need be.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
