[
https://issues.apache.org/jira/browse/ACCUMULO-1318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14349276#comment-14349276
]
Josh Elser commented on ACCUMULO-1318:
--------------------------------------
FYI this is biting me right now in testing, so I'm going to push a change for
this.
I'll leave it assigned to you for now. If there's something else you were
planning on doing (as a part of the parent issue), I don't want to prematurely
close it from underneath you :)
> Allow granting System.GRANT permission
> --------------------------------------
>
> Key: ACCUMULO-1318
> URL: https://issues.apache.org/jira/browse/ACCUMULO-1318
> Project: Accumulo
> Issue Type: Sub-task
> Components: master, tserver
> Reporter: Christopher Tubbs
> Assignee: Christopher Tubbs
> Labels: security
> Fix For: 1.7.0
>
>
> With the addition of pluggable authentication/authorizor/permissions handler
> modules (ACCUMULO-259), it seems we should rely more on these modules to set
> their policy for who has which permissions.
> As such, I don't believe we should continue to constrain the System.GRANT
> permission, so that it is held only by the root user. This is an especially
> important consideration for ACCUMULO-1300, because in that ticket, there will
> always be a "local" root user, but there's no reason that should be the
> de-facto account that manages other users' permissions from.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
