Github user simonellistonball commented on the issue:
https://github.com/apache/metron/pull/1111
Thanks for the catches Ryan.
My objective around metron-rest was to try and leave it as little changed
as possible in this effort, since the ticket is more around the ui hosts, but I
would agree that this could be cleaned up as you suggest.
On the issue of Roles, I don't think we really make the best use of roles
at present, and need a follow on to sort all that out. There is also some
debate to be had about how roles should be used. A trivial (and in my view
naive) view would be to map roles to LDAP groups. This is quite a common
approach, but is also a wrong approach, Roles are logical groups of capability,
not groups of user principals. I would like to see a follow on where we
actually define and properly apply concepts of roles to access controlled
objects in Metron, but in the short term we could definitely use the
placeholder TODO here to add a naive mapping.
---
