You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2017/08/09 03:58:00 UTC

[jira] [Commented] (GEODE-3330) secure ability to register CQ

    [ https://issues.apache.org/jira/browse/GEODE-3330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16119376#comment-16119376 ] 

ASF subversion and git services commented on GEODE-3330:
--------------------------------------------------------

Commit 33f42181930ce52501738da6046df5441969ba97 in geode's branch refs/heads/develop from YehEmily
[ https://git-wip-us.apache.org/repos/asf?p=geode.git;h=33f4218 ]

GEODE-3330: user needs CLUSTER:MANAGE:QUERY permission to create a CQ.

* cq.execute() and cq.executeWithInitialResult() all would still require DATA:READ because it will send the result back to the client either initially or later.
* added unit test


> secure ability to register CQ
> -----------------------------
>
>                 Key: GEODE-3330
>                 URL: https://issues.apache.org/jira/browse/GEODE-3330
>             Project: Geode
>          Issue Type: Sub-task
>          Components: docs, security
>            Reporter: Swapnil Bawaskar
>            Assignee: Emily Yeh
>
> With integrated security, we require that for registering a CQ user must have CLUSTER:MANAGE:QUERY permissions. This however, means that a user with CLUSTER:MANAGE will be able to register a CQ with initial results and be able to see data.
> In order to register a CQ with initial results, we should require that the user has DATA:READ permission. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)