Discuss fix for GEODE-2817 <https://issues.apache.org/jira/browse/GEODE-2817>
Currently to execute a function, you will need "data:write" permission, but it really depends on what the function is doing. For example, if a function is just reading data, the function author might want users with DATA:READ permissions to execute the function. The two options mentioned in the ticket are: 1) externalize SecurityService so that function author can use it in the function.execute code to check authorization. 2) add a method to function interface to tell the framework what permission this function needs to execute, so that the framework will check the permission before executing the function. I vote for #2 because, I think, a function author will be able to easily discover a method on the Function interface, rather than trying to look for SecurityService. I propose that we add the following new method to Function: default public List<ResourcePermission> requiredPermissions() { // default DATA:WRITE } In order to preserve existing behavior, the default required permission would be DATA:WRITE.