Posted to dev@geode.apache.org by Jinmei Liao <ji...@pivotal.io> on 2016/05/19 17:22:17 UTC

Region Permission

I want to get some clarification on what permission is needed to guard the
operation of "list regions" and "describe region".

Currently anyone that has "CLUSTER:READ" is able to execute those two
commands, regardless of whether he has "READ/WRITE/MANAGE" permissions to the
regions. And if a user only has read permission for a specific region, when
he goes to execute "list regions", he will get a "permission denied"
message instead of seeing a list of regions that he has access to. Is this
the expected behavior? Or a better question is: what is the expected
behavior?

-- 
Cheers

Jinmei

Re: [gemfire-mm] Re: Region Permission

Posted by Swapnil Bawaskar <sb...@pivotal.io>.
If I have read permissions on a region, I would expect "describe region" to
work.
I could live with a "permission denied" for "list region", however, it
would be nice to get a list of all regions I have permissions for.

On Thu, May 19, 2016 at 10:44 AM, Michael Stolz <ms...@pivotal.io> wrote:

> Permission denied is fine if CLUSTER:READ is disallowed.
>
> The regions returned should be those regions he has access to.
>
> Data Administrator should have access to all regions.
>
> --
> Mike Stolz
> Principal Engineer - Gemfire Product Manager
> Mobile: 631-835-4771
> On May 19, 2016 12:22 PM, "Jinmei Liao" <ji...@pivotal.io> wrote:
>
>> I want to get some clarification on what permission is needed to guard the
>> operation of "list regions" and "describe region".
>>
>> Currently anyone that has "CLUSTER:READ" is able to execute those two
>> commands, regardless of whether he has "READ/WRITE/MANAGE" permissions to the
>> regions. And if a user only has read permission for a specific region, when
>> he goes to execute "list regions", he will get a "permission denied"
>> message instead of seeing a list of regions that he has access to. Is this
>> the expected behavior? Or a better question is: what is the expected
>> behavior?
>>
>> --
>> Cheers
>>
>> Jinmei
>>
>

Re: Region Permission

Posted by Michael Stolz <ms...@pivotal.io>.
Permission denied is fine if CLUSTER:READ is disallowed.

The regions returned should be those regions he has access to.

Data Administrator should have access to all regions.

--
Mike Stolz
Principal Engineer - Gemfire Product Manager
Mobile: 631-835-4771
On May 19, 2016 12:22 PM, "Jinmei Liao" <ji...@pivotal.io> wrote:

> I want to get some clarification on what permission is needed to guard the
> operation of "list regions" and "describe region".
>
> Currently anyone that has "CLUSTER:READ" is able to execute those two
> commands, regardless of whether he has "READ/WRITE/MANAGE" permissions to the
> regions. And if a user only has read permission for a specific region, when
> he goes to execute "list regions", he will get a "permission denied"
> message instead of seeing a list of regions that he has access to. Is this
> the expected behavior? Or a better question is: what is the expected
> behavior?
>
> --
> Cheers
>
> Jinmei
>
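
The two "list regions" behaviours discussed in this thread, side by side, as an added example that is not part of any message above and is not Geode code. The `User` model, the `ANY_REGION` wildcard standing in for the "Data Administrator" grant, the identical error for unknown and forbidden regions in `describe_region`, and the sample regions are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

class PermissionDenied(Exception):
    pass

ANY_REGION = "*"  # assumption: how the "Data Administrator" grant is modelled here

@dataclass
class User:
    cluster_ops: set = field(default_factory=set)   # {"READ"} means CLUSTER:READ
    region_ops: dict = field(default_factory=dict)  # region -> {"READ", "WRITE", "MANAGE"}

    def granted(self, region):
        # Union of the region-specific grant and any wildcard grant.
        return self.region_ops.get(region, set()) | self.region_ops.get(ANY_REGION, set())

def list_regions_current(user, regions):
    # Behaviour reported in the first message: CLUSTER:READ alone decides,
    # per-region permissions are never consulted.
    if "READ" not in user.cluster_ops:
        raise PermissionDenied("list regions")
    return sorted(regions)

def list_regions_filtered(user, regions):
    # Behaviour proposed in the replies: deny without CLUSTER:READ,
    # otherwise return only the regions the caller can read.
    if "READ" not in user.cluster_ops:
        raise PermissionDenied("list regions")
    return sorted(r for r in regions if "READ" in user.granted(r))

def describe_region(user, region, regions):
    # Region-level READ is sufficient. Unknown and forbidden regions raise the
    # same error, so the command does not confirm which region names exist.
    if region not in regions or "READ" not in user.granted(region):
        raise PermissionDenied("describe region")
    return {"name": region, "operations": sorted(user.granted(region))}

# Constructed sample data, not taken from the thread.
REGIONS = {"orders", "customers", "audit"}
cluster_reader = User(cluster_ops={"READ"})
region_reader = User(region_ops={"orders": {"READ"}})
scoped_reader = User(cluster_ops={"READ"}, region_ops={"orders": {"READ"}})
data_admin = User(cluster_ops={"READ"},
                  region_ops={ANY_REGION: {"READ", "WRITE", "MANAGE"}})

if __name__ == "__main__":
    print(list_regions_current(cluster_reader, REGIONS))
    print(list_regions_filtered(scoped_reader, REGIONS))
```
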