[jira] [Commented] (GEODE-2924) move resources from DATA to CLUSTER

Thu, 27 Jul 2017 10:46:34 -0700 

    [ 
https://issues.apache.org/jira/browse/GEODE-2924?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16103587#comment-16103587
 ] 

ASF GitHub Bot commented on GEODE-2924:
---------------------------------------

Github user jinmeiliao commented on a diff in the pull request:

    https://github.com/apache/geode/pull/660#discussion_r129910320
  
    --- Diff: 
geode-docs/managing/security/implementing_authorization.html.md.erb ---
    @@ -56,13 +56,23 @@ which classifies whether the operation as
     The operations are not hierarchical;
     `MANAGE` does not imply `WRITE`, and `WRITE` does not imply `READ`.
     
    -Some operations further specify a region name in the permission.
    +Some `DATA` operations further specify a region name in the permission.
     This permits restricting operations on that region to only those
     authorized principals.
     And within a region, some operations may specify a key.
     This permits restricting operations on that key within that region to 
     only those authorized principals.
     
    +Some `CLUSTER` operations further specify a finer-grained
    +target for the operation.
    +Specify the target with a string value of:
    +
    +- `DISK` to target operations that write to a disk store
    +- `GATEWAY` to target operations that manage gateway senders and receivers
    +- `QUERY` to target operations that manage both indexes and continuous
    + queries
    +- `JAR` to target operations that deploy code to servers
    +
    --- End diff --
    
    I believe there are more changes to the permission strings than just these 
few here. We also made some corrections like:
    echo: N/A
    encrypt password: N/A (actually encrypt password is no longer a gfsh 
command anymore, we removed it).
    execute function: determined by function api.
    A lot of the GatewayMXBean operation are changed as well.
    Please go through the list of "new permission strings in 
https://cwiki.apache.org/confluence/display/GEODE/Finer+grained+security and 
make all the modifications needed.


> move resources from DATA to CLUSTER
> -----------------------------------
>
>                 Key: GEODE-2924
>                 URL: https://issues.apache.org/jira/browse/GEODE-2924
>             Project: Geode
>          Issue Type: Sub-task
>          Components: docs, security
>            Reporter: Swapnil Bawaskar
>            Assignee: Karen Smoler Miller
>             Fix For: 1.3.0
>
>
> As discussed in this proposal 
> https://cwiki.apache.org/confluence/display/GEODE/Finer+grained+security, the 
> only resource on DATA should be region, we should move:
> 1. pdx to CLUSTER:MANAGE
> 2. import cluster-configuration to CLUSTER:MANAGE
> 3. LockServiceMXBean.becomeLockGrantor        to CLUSTER:MANAGE
> 4. list regions       to CLUSTER:READ



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to