ctubbsii commented on issue #1903:
URL: https://github.com/apache/accumulo/issues/1903#issuecomment-772866045


   @Manno15 issues should generally not be questions, but clear well-defined 
tasks whenever possible. This is especially true for those with the "good first 
issue" label, because those can attract new contributors. If a new contributor 
tries to work on a task with an open ended question, it can create a very 
confusing and unpleasant experience for them if the community hasn't yet 
decided on a course of action. If you want to get feedback or consensus from 
the community on an idea, the best place to do that is on the developer mailing 
list, rather than in the body of a new issue.
   
   There is a subtlety in the implementation here... the `-s`, `-t`, `-p`, or 
`-ns` define the scope of where the permission is being granted, not the type 
of permission. It's just that the system scope is implied by the fact that 
system permission types can only be granted on the system scope. That may not 
be true in the future, although I don't have a current use case since, up to 
now, we've duplicated permission types for different scopes (such as 
`System.CREATE_TABLE` and `Namespace.CREATE_TABLE`, rather than allowing 
setting `System.CREATE_TABLE` in the namespace scope).
   
   Furthermore, the original design was to enforce exclusivity by requiring 
exactly one of `-s` or `-t` (later expanded to include `-p` and `-ns`). I'm not 
sure if that exclusivity is still enforced, but it should be. It shouldn't be 
possible to set more than one of any of those at a time. It may have been 
broken at some point by relaxing the requirement to specify the table with `-t` 
and infer the table based on the current shell state.
   
   I lean heavily towards keeping the requirement for the `-s` for a few 
reasons. First, it aligns with the design described above (the difference 
between the "scope" of where it is set vs. the "type" of permission being set). 
Second, I still think there's value in enforcing the mutual exclusivity and 
requiring exactly one of `-s`, `-t`, `-p`, and `-ns`. And finally, system 
permissions should be granted with care, and I am okay having a speed bump here.
   
   A better option would probably be to recognize the missing `-s` and provide 
a more helpful error message. I think originally, the mutual exclusivity was 
enforced, the error message should have been something like "missing one of -s, 
-t" or similar. If that was relaxed at any point, it may have introduced the 
worse error message.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Reply via email to