Thanks for the pointer
Christopher wrote:
Originally, the idea was to restrict this permission to prevent multiple
users from becoming equivalent to "root", which could be difficult to
audit. I don't think the original reasoning is still valid. See
https://issues.apache.org/jira/browse/ACCUMULO-1318
--
Christopher L Tubbs II
http://gravatar.com/ctubbsii
On Mon, Mar 2, 2015 at 8:32 PM, Josh Elser<[email protected]> wrote:
public boolean canGrantSystem(TCredentials c, String user,
SystemPermission sysPerm) throws ThriftSecurityException {
authenticate(c);
// can't grant GRANT
if (sysPerm.equals(SystemPermission.GRANT))
throw new ThriftSecurityException(c.getPrincipal(),
SecurityErrorCode.GRANT_INVALID);
return hasSystemPermission(c, SystemPermission.GRANT, false);
}
Why don't we allow System.GRANT to be given to other users?
