accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Vines <>
Subject SecAdmin
Date Mon, 02 Jul 2012 20:46:30 GMT
One point that has been brought to my attention is that the administration
of users and their authorizations brings difficulties to development. There
are situations where you trust a user to create users, modify their
privileges, and drop users, but not to manage a users authorizations.
After talking to someone, the idea of a Secadmin was brought to my
attention. We should split the administration space into two areas. The
Grant privilege is still the root for granting Secadmin and for modifying
authorizations. Secadmin should be the necessary privilege for managing
users besides their authorizations. This allows a user who's trust enough
to create users but not trusted enough to grant access to the various
levels of data.

I'm opening up this as a discussion for dev to hear the communities
thoughts and hash out details prior to ticket creation. Ideally these
changes will get rolled into my branch for ACCUMULO-259, to be implemented
in Accumulo 1.5.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message