If I have read permissions on a region, I would expect "describe region" to work. I could live with a "permission denied" for "list region", however, it would be nice to get a list of all regions I have permissions for.
On Thu, May 19, 2016 at 10:44 AM, Michael Stolz <[email protected]> wrote: > Permission denied is fine if CLUSTER:READ is disallowed. > > The regions returned should be those regions he has access to. > > Data Administrator should have access to all regions. > > -- > Mike Stolz > Principal Engineer - Gemfire Product Manager > Mobile: 631-835-4771 > On May 19, 2016 12:22 PM, "Jinmei Liao" <[email protected]> wrote: > >> I want to get some clarification on what permission is need to guard the >> operation of "list regions" and "describe region". >> >> Currently anyone that has "CLUSTER:READ" are able to execute those two >> commands, regardless whether he has "READ/WRITE/MANAGE" permissions to the >> regions. And if a user only has read permission for a specific region, >> when >> he goes to execute "list regions", he will get a "permission denied" >> message instead of seeing a list of regions that he has access to. Is this >> the expected behavior? Or a better question is: what is the expected >> behavior? >> >> -- >> Cheers >> >> Jinmei >> >
