Hello Dave,
Thanks for the heads up, spelling errors fixed (at least that one :-/).
Cheers!
On Mon, Jun 25, 2018 at 4:34 PM Dave Barnes wrote:
> Juan,
> Nice work - you've obviously given this plenty of thought. I'm not
> qualified to comment on the technical aspects of your proposal, but as
Juan,
Nice work - you've obviously given this plenty of thought. I'm not
qualified to comment on the technical aspects of your proposal, but as a
proofreader I noticed that there are a couple of occurrences of
"invokation" that should be spelled "invocation".
Dave
On Mon, Jun 25, 2018 at 2:52
Hello all,
The current approach used to authorize methods during OQL execution seems
to be way too restrictive; I've drafted a proposal to change the current
behavior and allow further customization:
Github user asfgit closed the pull request at:
https://github.com/apache/geode/pull/667
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is
GitHub user karensmolermiller opened a pull request:
https://github.com/apache/geode/pull/667
GEODE-3324 Document finer-grained security permissions
@jinmeiliao @PurelyApplied @jaredjstewart @joeymcallister @davebarnes97
Please review.
You can merge this pull request
Github user PurelyApplied closed the pull request at:
https://github.com/apache/geode/pull/596
Github user jaredjstewart commented on the issue:
https://github.com/apache/geode/pull/596
Merged as 451d12e
Github user PurelyApplied commented on the issue:
https://github.com/apache/geode/pull/596
Excepting one flaky test, precheckin is green through `14298a`. Precheckin
is currently very unhappy, though, and starting new test runs is not going well.
Github user jaredjstewart commented on the issue:
https://github.com/apache/geode/pull/596
+1
Github user PurelyApplied commented on a diff in the pull request:
https://github.com/apache/geode/pull/596#discussion_r123832520
--- Diff:
geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ClientCommands.java
---
@@ -109,12 +107,10 @@ public Result
Github user PurelyApplied commented on a diff in the pull request:
https://github.com/apache/geode/pull/596#discussion_r123832527
--- Diff:
geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/FunctionCommands.java
---
@@ -130,31 +125,8 @@ public Result
Github user PurelyApplied commented on a diff in the pull request:
https://github.com/apache/geode/pull/596#discussion_r123830383
--- Diff:
geode-core/src/main/java/org/apache/geode/management/internal/beans/MemberMBean.java
---
@@ -148,7 +148,12 @@ public long
Github user PurelyApplied commented on a diff in the pull request:
https://github.com/apache/geode/pull/596#discussion_r123829882
--- Diff:
geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
---
@@ -57,7 +56,48 @@ public
Github user jaredjstewart commented on a diff in the pull request:
https://github.com/apache/geode/pull/596#discussion_r123822645
--- Diff:
geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/FunctionCommands.java
---
@@ -130,31 +125,8 @@ public Result
Github user jaredjstewart commented on a diff in the pull request:
https://github.com/apache/geode/pull/596#discussion_r123820699
--- Diff:
geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ClientCommands.java
---
@@ -109,12 +107,10 @@ public Result
Github user jaredjstewart commented on a diff in the pull request:
https://github.com/apache/geode/pull/596#discussion_r123819260
--- Diff:
geode-core/src/main/java/org/apache/geode/management/internal/beans/MemberMBean.java
---
@@ -148,7 +148,12 @@ public long
Github user jaredjstewart commented on a diff in the pull request:
https://github.com/apache/geode/pull/596#discussion_r123818520
--- Diff:
geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
---
@@ -57,7 +56,48 @@ public
Github user jaredjstewart commented on a diff in the pull request:
https://github.com/apache/geode/pull/596#discussion_r123817037
--- Diff:
geode-core/src/main/java/org/apache/geode/management/CacheServerMXBean.java ---
@@ -60,48 +61,48 @@
/**
* Returns the port on
Github user PurelyApplied commented on the issue:
https://github.com/apache/geode/pull/596
Precheckin running.
GitHub user PurelyApplied opened a pull request:
https://github.com/apache/geode/pull/596
GEODE-2920 - GEODE-2925: Finer Grained Security
Due to the size of this commit and for your convenience of review, I have
not yet squashed my commits. Do note that I have not individually
2, 2017, 2:44 p.m.)
>
>
> Review request for geode, Emily Yeh, Jared Stewart, Ken Howe, Kirk Lund, and
> Patrick Rhomberg.
>
>
> Repository: geode
>
>
> Description
> ---
>
> GEODE-2925: add target for resource operation for finer grained secu
omberg.
>
>
> Repository: geode
>
>
> Description
> ---
>
> GEODE-2925: add target for resource operation for finer grained security
>
>
> Diffs
> -
>
> geode-core/src/main/java/org/apache/geode/cache/CacheFactory.java
> 9b23f6c1a8ed3449d8a49
to avoid code duplication.
3) added default implementation of SecurityService (debatable)
4) reworked SecurityServicefactory and add more tests.
Repository: geode
Description
---
GEODE-2925: add target for resource operation for finer grained security
Diffs (updated)
-
geode-core/src/main
-
>
> (Updated June 5, 2017, 6:32 p.m.)
>
>
> Review request for geode, Emily Yeh, Jared Stewart, Ken Howe, Kirk Lund, and
> Patrick Rhomberg.
>
>
> Repository: geode
>
>
> Description
> ---
>
> GEODE-2925: add target for resource operation for
Stewart, Ken Howe, Kirk Lund, and
Patrick Rhomberg.
Changes
---
added a new interface method according to review.
Repository: geode
Description
---
GEODE-2925: add target for resource operation for finer grained security
Diffs (updated)
-
geode-core/src/main/java/org/apache
Emily Yeh, Jared Stewart, Ken Howe, Kirk Lund, and
> Patrick Rhomberg.
>
>
> Repository: geode
>
>
> Description
> ---
>
> GEODE-2925: add target for resource operation for finer grained security
>
>
> Diffs
> -
>
>
> geo
---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59692/
> ---
>
> (Updated June 2, 2017, 4:08 p.m.)
>
>
> Review request for geode, Emily Yeh, Jared Stewart, Ken Howe, Kirk Lund, and
> Patrick Rhom
s is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59692/
> ---
>
> (Updated June 2, 2017, 4:08 p.m.)
>
>
> Review request for geode, Emily Yeh, Jared Stewart, Ken Howe, Kirk Lund, and
> Patrick Rhomberg.
>
>
> Repository: g
Stewart, Ken Howe, Kirk Lund, and
Patrick Rhomberg.
Repository: geode
Description
---
GEODE-2925: add target for resource operation for finer grained security
Diffs (updated)
-
geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
84f97de56
r geode, Emily Yeh, Jared Stewart, Ken Howe, Kirk Lund, and
> Patrick Rhomberg.
>
>
> Repository: geode
>
>
> Description
> ---
>
> GEODE-2925: add target for resource operation for finer grained security
>
>
> Diffs
> -
>
>
>
Stewart, Ken Howe, Kirk Lund, and
Patrick Rhomberg.
Changes
---
review changes
Repository: geode
Description
---
GEODE-2925: add target for resource operation for finer grained security
Diffs (updated)
-
geode-core/src/main/java/org/apache/geode/examples/security
ick Rhomberg.
>
>
> Repository: geode
>
>
> Description
> ---
>
> GEODE-2925: add target for resource operation for finer grained security
>
>
> Diffs
> -
>
>
> geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecuritySe
: geode
>
>
> Description
> ---
>
> GEODE-2925: add target for resource operation for finer grained security
>
>
> Diffs
> -
>
>
> geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
> 600d5462b1d18cfc70
ly Yeh, Jared Stewart, Ken Howe, Kirk Lund, and
> Patrick Rhomberg.
>
>
> Repository: geode
>
>
> Description
> ---
>
> GEODE-2925: add target for resource operation for finer grained security
>
>
> Diffs
> -
>
>
> geode-c
Stewart, Ken Howe, Kirk Lund, and
Patrick Rhomberg.
Repository: geode
Description
---
GEODE-2925: add target for resource operation for finer grained security
Diffs (updated)
-
geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
> Description
> ---
>
> GEODE-2925: add target for resource operation for finer grained security
>
>
> Diffs
> -
>
>
> geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
> 600d5462b1d18cfc702d400f6d9
Stewart, Ken Howe, Kirk Lund, and
Patrick Rhomberg.
Changes
---
add more methods in security service
Repository: geode
Description
---
GEODE-2925: add target for resource operation for finer grained security
Diffs (updated)
-
geode-core/src/main/java/org/apache/geode
Stewart, Ken Howe, Kirk Lund, and
Patrick Rhomberg.
Repository: geode
Description
---
GEODE-2925: add target for resource operation for finer grained security
Diffs (updated)
-
geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
, Ken Howe, Kirk Lund, and
> Patrick Rhomberg.
>
>
> Repository: geode
>
>
> Description
> ---
>
> GEODE-2925: add target for resource operation for finer grained security
>
>
> Diffs
> -
>
>
, and
Patrick Rhomberg.
Repository: geode
Description
---
GEODE-2925: add target for resource operation for finer grained security
Diffs
-
geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
600d5462b1d18cfc702d400f6d91c1ac1fab3755
geode-core
Swapnil Bawaskar created GEODE-2987:
---
Summary: document finer grained security migration
Key: GEODE-2987
URL: https://issues.apache.org/jira/browse/GEODE-2987
Project: Geode
Issue Type
[ https://issues.apache.org/jira/browse/GEODE-2919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joey McAllister updated GEODE-2919:
---
Component/s: docs
> Provide finer grained secur
Swapnil Bawaskar created GEODE-2919:
---
Summary: Provide finer grained security
Key: GEODE-2919
URL: https://issues.apache.org/jira/browse/GEODE-2919
Project: Geode
Issue Type: Improvement
Thanks for feedback! I have tried to incorporate this on our wiki:
https://cwiki.apache.org/confluence/display/GEODE/Finer+grained+security.
Comments welcome.
On Thu, Apr 27, 2017 at 1:33 PM John Blum <jb...@pivotal.io> wrote:
> +1 to Jake's comments, and is a fundamental property
+1 to Jake's comments, and is a fundamental property of Java's security
internally.
On Thu, Apr 27, 2017 at 1:09 PM, Jacob Barrett wrote:
> Typical solution to the X service needs to create something it service Y
> where user has permission to X but not to Y is to treat the
Typical solution to the X service needs to create something it service Y
where user has permission to X but not to Y is to treat the actions on Y
performed by X to be trusted. Often I have seen this implemented such that
after asserting permission on "create" on X that X performs actions on Y as
a
We have seen users who need per-Region permission for Data read/write, so
there is precedent there at least.
--
Mike Stolz
Principal Engineer, GemFire Product Manager
Mobile: +1-631-835-4771
On Thu, Apr 27, 2017 at 2:11 PM, pulkit chandra
wrote:
> For per instance
For per instance permission, I would say look for the evidence. Do we have
evidence that customers want per instance permission? If not, maybe
implement minimally in the first cut and validate with customers if they
want per instance model?
About Lucene concern, it is in fact good to provide
I agree that async event queues seem like a different case than wan or
disk. In that case you are not using anything that creating a region
doesn't do.
Shouldn't creating a region be DATA:MANAGE:DISK? Requiring DATA privileges
for a region without disk and CLUSTER privileges for a region with
One more possible complication is that creating a Lucene index will also
create an AsyncEventQueue. Today the required permission to create the AEQ
is DATA:MANAGE which coincidentally nicely matches the permission required
to create an OQL index.
Pulling out the AEQ as a separate resource will
DATA:*:RegionA would allow you to only operate that region but not all of
them.
if we want to control a specific wan, maybe we add a fourth parameter:
cluster:*:wan:wanName, same goes for Disk etc.
On Tue, Apr 25, 2017 at 3:03 PM, Jacob Barrett wrote:
> Think further, what
Think further, what about the team that asks that I be able to manage a
region not all regions, or a wan not all wan. It may be time to think about
a full per instance /
named resource based security model.
On Tue, Apr 25, 2017 at 2:59 PM Jared Stewart wrote:
> +1
>
> I think
+1
I think it would also be a good idea to move the current operations permitted
by CLUSTER:MANAGE (stop server, alter runtime, etc.) to require the more
specific CLUSTER:MANAGE:MEMBER in order to avoid ambiguity. (This is not a
breaking change since CLUSTER:MANAGE implies
In our current security model, a user with DATA:MANAGE can create regions,
create disk stores, WAN gateways etc. I think this is a very wide scope,
because an administrator may want to give create region privilege to a
developer, but not necessarily give them the ability to create disk stores
or