On 11/25/2013 04:11 PM, Pedro Ruivo wrote: > > I was questioning about having EXEC without any other permission... What > a user/role can do only with EXEC? Nothing. You need EXEC to be able to launch a distexec/mapreduce, and then you need whichever extra perms you need on top of that. > Since we have a BULK permission (that it is a READ) why not split the > WRITE? like MODIFY(put* replace*), DELETE(remove*) and CLEAR(clear)? >> BULK is also for WRITEs (putAll ?). > good point. So, I don't see the goal of BULK permission. why don't allow > the user/role to invoke the keySet/etc... if he has READ permission and > the same thing for the WRITE permission? Because a bulk operation (potentially) requires far more resources. The reasoning is the same as above: BULK needs to be combined with READ and/or WRITE to be useful. > BTW, one question: are we going to support to store keys under different > permissions? Like some keys are private to a user and he is the only one > that can read and write over it, other keys are public and everybody can > access it (like a filesystem permissions: permission for the user, role > and others) Not explicitly. That falls in the scope of what the custom security interceptor should do. While the idea of fs-like permissions with owner, group, etc sounds cool, I'd leave that as a user implementation detail. We just provide the hooks.
Tristan _______________________________________________ infinispan-dev mailing list [email protected] https://lists.jboss.org/mailman/listinfo/infinispan-dev
