[ https://issues.apache.org/jira/browse/ACCUMULO-1318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14349295#comment-14349295 ]
Josh Elser commented on ACCUMULO-1318:
--------------------------------------
Possibly problematic... there's also a conditional which prevents the
revocation of System.GRANT. If we allow multiple GRANTs, we would want to allow
revoking GRANT. The problem is that we don't have a straightforward way to
ensure that there is always one user with GRANT (it's possible that we could
enumerate the users' permissions, but that only works under the assumption that
all users are accessible).

Not sure, I'm tempted to just ignore it for now and deal with users doing
something dumb later.
> Allow granting System.GRANT permission
> --------------------------------------
>
> Key: ACCUMULO-1318
> URL: https://issues.apache.org/jira/browse/ACCUMULO-1318
> Project: Accumulo
> Issue Type: Sub-task
> Components: master, tserver
> Reporter: Christopher Tubbs
> Assignee: Christopher Tubbs
> Labels: security
> Fix For: 1.7.0
>
>
> With the addition of pluggable authentication/authorizor/permissions handler
> modules (ACCUMULO-259), it seems we should rely more on these modules to set
> their policy for who has which permissions.
>
> As such, I don't believe we should continue to constrain the System.GRANT
> permission, so that it is held only by the root user. This is an especially
> important consideration for ACCUMULO-1300, because in that ticket, there will
> always be a "local" root user, but there's no reason that should be the
> de facto account that other users' permissions are managed from.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)