You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2017/08/09 03:58:00 UTC
[jira] [Commented] (GEODE-3330) secure ability to register CQ
[ https://issues.apache.org/jira/browse/GEODE-3330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16119376#comment-16119376 ]
ASF subversion and git services commented on GEODE-3330:
--------------------------------------------------------
Commit 33f42181930ce52501738da6046df5441969ba97 in geode's branch refs/heads/develop from YehEmily
[ https://git-wip-us.apache.org/repos/asf?p=geode.git;h=33f4218 ]
GEODE-3330: user needs CLUSTER:MANAGE:QUERY permission to create a CQ.
* cq.execute() and cq.executeWithInitialResult() all would still require DATA:READ because it will send the result back to the client either initially or later.
* added unit test
> secure ability to register CQ
> -----------------------------
>
> Key: GEODE-3330
> URL: https://issues.apache.org/jira/browse/GEODE-3330
> Project: Geode
> Issue Type: Sub-task
> Components: docs, security
> Reporter: Swapnil Bawaskar
> Assignee: Emily Yeh
>
> With integrated security, we require that for registering a CQ user must have CLUSTER:MANAGE:QUERY permissions. This however, means that a user with CLUSTER:MANAGE will be able to register a CQ with initial results and be able to see data.
> In order to register a CQ with initial results, we should require that the user has DATA:READ permission.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)