You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ignite.apache.org by "Dmitry Karachentsev (JIRA)" <ji...@apache.org> on 2017/04/25 10:29:04 UTC

[jira] [Created] (IGNITE-5077) Support service permissions

Dmitry Karachentsev created IGNITE-5077:
-------------------------------------------

             Summary: Support service permissions
                 Key: IGNITE-5077
                 URL: https://issues.apache.org/jira/browse/IGNITE-5077
             Project: Ignite
          Issue Type: New Feature
          Components: managed services
            Reporter: Dmitry Karachentsev
            Assignee: Dmitry Karachentsev
             Fix For: 2.1


Need to add capability to specify permissions to allow/disallow executions of particular services (similar to compute tasks).

The following permissions should be added to the SecurityPermission enum:

    SERVICE_DEPLOY - for IgniteServices.deployXXX methods.
    SERVICE_CANCEL - for IgniteServices.cancel and IgniteServices.cancelAll methods.
    SERVICE_INVOKE - for IgniteServices.service, IgniteServices.services and IgniteServices.serviceProxy methods.

SERVICE_INVOKE should allow fine-grained authorization based on service name, similar to TASK_EXECUTE. E.g., a particular user should be able to execute service A, but not service B.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)