[jira] [Updated] (IGNITE-12220) Allow to use cache-related permissions both at system and per-cache levels

Tue, 24 Sep 2019 12:27:15 -0700 


     [ 
https://issues.apache.org/jira/browse/IGNITE-12220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrey Kuznetsov updated IGNITE-12220:
--------------------------------------
    Description: Currently, {{CACHE_CREATE}} and {{CACHE_DESTROY}} permissions 
are enforced to be system-level permissions, see for instance 
{{SecurityPermissionSetBuilder#appendCachePermissions}}. This looks inflexible: 
Ignite Security implementations are not able to manage cache creation and 
deletion permissions on per-cache basis (unlike get/put/remove permissions). 
All such limitations should be found and removed in order to allow all 
{{CACHE_*}} permissions to be set both at system and per-cache levels.  (was: 
Currently, {{CACHE_CREATE}} and {{CACHE_DESTROY}} permissions are enforced to 
be system-level permissions, see for instance 
{{SecurityPermissionSetBuilder#appendCachePermissions}}. This looks inflexible: 
Ignite Security implementations are not able to manage cache creation and 
deletion permissions on per-cache basis (unlike get/put/remove permissions). 
All such limitations should be found and removed on order to allow all 
{{CACHE_*}} permissions to be set both at system and per-cache levels.)

> Allow to use cache-related permissions both at system and per-cache levels
> --------------------------------------------------------------------------
>
>                 Key: IGNITE-12220
>                 URL: https://issues.apache.org/jira/browse/IGNITE-12220
>             Project: Ignite
>          Issue Type: Task
>          Components: security
>    Affects Versions: 2.7.6
>            Reporter: Andrey Kuznetsov
>            Assignee: Sergei Ryzhov
>            Priority: Major
>             Fix For: 2.8
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Currently, {{CACHE_CREATE}} and {{CACHE_DESTROY}} permissions are enforced to 
> be system-level permissions, see for instance 
> {{SecurityPermissionSetBuilder#appendCachePermissions}}. This looks 
> inflexible: Ignite Security implementations are not able to manage cache 
> creation and deletion permissions on per-cache basis (unlike get/put/remove 
> permissions). All such limitations should be found and removed in order to 
> allow all {{CACHE_*}} permissions to be set both at system and per-cache 
> levels.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to