Re: [gemfire-mm] Re: Region Permission

[Swapnil Bawaskar <sb...@pivotal.io>]

If I have read permissions on a region, I would expect "describe region" to
work.
I could live with a "permission denied" for "list region", however, it
would be nice to get a list of all regions I have permissions for.

On Thu, May 19, 2016 at 10:44 AM, Michael Stolz <ms...@pivotal.io> wrote:

> Permission denied is fine if CLUSTER:READ is disallowed.
>
> The regions returned should be those regions he has access to.
>
> Data Administrator should have access to all regions.
>
> --
> Mike Stolz
> Principal Engineer - Gemfire Product Manager
> Mobile: 631-835-4771
> On May 19, 2016 12:22 PM, "Jinmei Liao" <ji...@pivotal.io> wrote:
>
>> I want to get some clarification on what permission is need to guard the
>> operation of "list regions" and "describe region".
>>
>> Currently anyone that has "CLUSTER:READ" are able to execute those two
>> commands, regardless whether he has "READ/WRITE/MANAGE" permissions to the
>> regions. And if a user only has read permission for a specific region,
>> when
>> he goes to execute "list regions", he will get a "permission denied"
>> message instead of seeing a list of regions that he has access to. Is this
>> the expected behavior? Or a better question is: what is the expected
>> behavior?
>>
>> --
>> Cheers
>>
>> Jinmei
>>
>