Vladimir Steshin created IGNITE-18862:
-----------------------------------------
Summary: Deprecate and replace ADMIN_OPS permission.
Key: IGNITE-18862
URL: https://issues.apache.org/jira/browse/IGNITE-18862
Project: Ignite
Issue Type: Improvement
Reporter: Vladimir Steshin
{code:java}
org.apache.ignite.plugin.security.SecurityPermission
{code}
has some visor-related permission:
{code:java}
/** Visor admin operations permissions. */
ADMIN_OPS
{code}
This permission should be deprecated and replaced with correct, specific ones,
for example 'CLUSTER_ACTIVATE, CLUSTER_DEACTIVATE, BASELINE_ADD, BASELINE_REMOVE'.
These new permissions should be checked regardless of operation
invocation type.
Motivation:
1) The visor has been removed in IGNITE-18301.
2) The permission is actually requested to change baseline with `control.sh` or
through the `REST API`, to change cluster state with `control.sh` and through
the `REST API` and to manage client connections with `ClientProcessorMXBean`.
These tools aren't visor. So, the javadocs are wrong.
3) One can change baseline or cluster state with a client node or thin client
without these permissions. Such behavior does not look correct.
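A sketch of what "checked regardless of operation invocation type" means in practice, added here as an illustration and not taken from the issue or from Ignite's code base. `Subject`, `Cluster` and the three `via...` entry points are hypothetical; the permission names are the ones the issue proposes.

```java
import java.util.EnumSet;
import java.util.Set;

public class PermissionCheckSketch {
    /** Hypothetical permission set: ADMIN_OPS plus two of the names the issue proposes. */
    enum Perm { ADMIN_OPS, CLUSTER_ACTIVATE, CLUSTER_DEACTIVATE }

    /** Hypothetical caller identity carrying its granted permissions. */
    record Subject(String name, Set<Perm> granted) {
        void require(Perm p) {
            if (!granted.contains(p))
                throw new SecurityException(name + " lacks " + p);
        }
    }

    /** Model cluster: the state change itself is the single place that authorizes. */
    static class Cluster {
        private boolean active;
        void setActive(Subject s, boolean target) {
            s.require(target ? Perm.CLUSTER_ACTIVATE : Perm.CLUSTER_DEACTIVATE);
            active = target;
        }
        boolean active() { return active; }
    }

    // Entry points only translate the request; none carries its own check.
    static void viaControlScript(Cluster c, Subject s, boolean t) { c.setActive(s, t); }
    static void viaRest(Cluster c, Subject s, boolean t) { c.setActive(s, t); }
    static void viaThinClient(Cluster c, Subject s, boolean t) { c.setActive(s, t); }

    public static void main(String[] args) {
        Cluster c = new Cluster();
        Subject operator = new Subject("operator", EnumSet.of(Perm.CLUSTER_ACTIVATE));
        Subject app = new Subject("app", EnumSet.noneOf(Perm.class));
        viaRest(c, operator, true);               // allowed: holds CLUSTER_ACTIVATE
        try {
            viaThinClient(c, app, false);          // denied on the thin-client path too
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        try {
            viaControlScript(c, operator, false);  // denied: activate does not imply deactivate
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        System.out.println("cluster active = " + c.active());
    }
}
```

Because the check lives in `setActive` rather than in any one entry point, a new invocation path cannot skip it, and splitting the permission lets an operator be granted activation without deactivation.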