ctubbsii commented on issue #1903: URL: https://github.com/apache/accumulo/issues/1903#issuecomment-772866045
@Manno15 issues should generally not be questions, but clear well-defined tasks whenever possible. This is especially true for those with the "good first issue" label, because those can attract new contributors. If a new contributor tries to work on a task with an open ended question, it can create a very confusing and unpleasant experience for them if the community hasn't yet decided on a course of action. If you want to get feedback or consensus from the community on an idea, the best place to do that is on the developer mailing list, rather than in the body of a new issue. There is a subtlety in the implementation here... the `-s`, `-t`, `-p`, or `-ns` define the scope of where the permission is being granted, not the type of permission. It's just that the system scope is implied by the fact that system permission types can only be granted on the system scope. That may not be true in the future, although I don't have a current use case since, up to now, we've duplicated permission types for different scopes (such as `System.CREATE_TABLE` and `Namespace.CREATE_TABLE`, rather than allowing setting `System.CREATE_TABLE` in the namespace scope). Furthermore, the original design was to enforce exclusivity by requiring exactly one of `-s` or `-t` (later expanded to include `-p` and `-ns`). I'm not sure if that exclusivity is still enforced, but it should be. It shouldn't be possible to set more than one of any of those at a time. It may have been broken at some point by relaxing the requirement to specify the table with `-t` and infer the table based on the current shell state. I lean heavily towards keeping the requirement for the `-s` for a few reasons. First, it aligns with the design described above (the difference between the "scope" of where it is set vs. the "type" of permission being set). Second, I still think there's value in enforcing the mutual exclusivity and requiring exactly one of `-s`, `-t`, `-p`, and `-ns`. And finally, system permissions should be granted with care, and I am okay having a speed bump here. A better option would probably be to recognize the missing `-s` and provide a more helpful error message. I think originally, the mutual exclusivity was enforced, the error message should have been something like "missing one of -s, -t" or similar. If that was relaxed at any point, it may have introduced the worse error message. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
