[ https://issues.apache.org/jira/browse/ACCUMULO-677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13426877#comment-13426877 ]

John Vines commented on ACCUMULO-677:
-------------------------------------

I agree, we need add/remove instead of set.

As for data owners, I agree with you, but I don't think there's a clean way to 
do it. I could see a combination of a System.GRANT_AUTH and any authorizations 
the user possesses. That would provide a decent balance of ownership without 
making it too complex for people in less rigorous circumstances.

1 - Reasonable concern, but that could very well happen now in the case of 
changing auths for a user you did not create.

2 - This is up to the Authorizor implementation, which should on create/delete 
(or both) ensure that the user's list of authorizations is empty.

3 - Yes, which is why I want to try to find a middle ground that provides the 
limitation of Authorizations while not making them unusable to those who aren't 
in dire need of them.
                
> Remove (deprecate) createUser call with authorizations argument
> ---------------------------------------------------------------
>
>                 Key: ACCUMULO-677
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-677
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: client
>    Affects Versions: 1.4.1, 1.4.2
>            Reporter: John Vines
>            Assignee: John Vines
>            Priority: Minor
>              Labels: acl, alter, api, create, permissions, security, user
>             Fix For: 1.5.0
>
>
> Creating a user depends on a different ACL than granting Authorizations. If 
> the user can do one, but not the other it will still create the user but 
> float back an error. This can be confusing to end users, so I think we should 
> isolate createUser to just creating the user. They can then be granted 
> authorizations as need be.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
