accumulo-dev mailing list archives

From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-677) Remove (deprecate) createUser call with authorizations argument
Date Wed, 01 Aug 2012 04:21:33 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13426322#comment-13426322 ]

Christopher Tubbs commented on ACCUMULO-677:
--------------------------------------------

I'm all in favor of adding a more robust administrative set of permissions, to delegate the
role of user management away from the root user. However, I think separating these out in
the way you've suggested implies you're treating "authorization" as an independent object,
disconnected from the user (but perhaps with a user property that gives it some meaning).
I don't think that's the right approach in a user-centric model. It should be create/alter/delete/manage
user... not create/alter/delete/manage authorization (with user attribute). Users and authorizations
really aren't a separable concept, and I think it complicates things when you move away from
authorizations as separate objects. (NOTE: I'm just talking about API here, not underlying
implementation... I think the API should reflect a user-centric management model).
                
> Remove (deprecate) createUser call with authorizations argument
> ---------------------------------------------------------------
>
>                 Key: ACCUMULO-677
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-677
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: client
>    Affects Versions: 1.4.1, 1.4.2
>            Reporter: John Vines
>            Assignee: John Vines
>            Priority: Minor
>              Labels: acl, alter, api, create, permissions, security, user
>             Fix For: 1.5.0
>
>
> Creating a user depends on a different ACL than granting Authorizations. If the user
> can do one, but not the other it will still create the user but float back an error. This
> can be confusing to end users, so I think we should isolate createUser to just creating the
> user. They can then be granted authorizations as need be.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
