accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-1318) Allow granting System.GRANT permission
Date Thu, 05 Mar 2015 19:09:41 GMT


Josh Elser commented on ACCUMULO-1318:

Possibly problematic... there's also a conditional which prevents the revocation of System.GRANT.
If we allow multiple GRANTs, we would want to allow revoke'ing GRANT. The problem is that
we don't have a straightforward way to ensure that there is always one user with GRANT (it's
possible that we could enumerate the users' permissions, but that only works under the assumption
that all users are accessible).

Not sure, I'm tempted to just ignore it for now and deal with users doing something dumb later.

> Allow granting System.GRANT permission
> --------------------------------------
>                 Key: ACCUMULO-1318
>                 URL:
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: master, tserver
>            Reporter: Christopher Tubbs
>            Assignee: Christopher Tubbs
>              Labels: security
>             Fix For: 1.7.0
> With the addition of pluggable authentication/authorizor/permissions handler modules
(ACCUMULO-259), it seems we should rely more on these modules to set their policy for who
has which permissions.
> As such, I don't believe we should continue to constrain the System.GRANT permission,
so that it is held only by the root user. This is an especially important consideration for
ACCUMULO-1300, because in that ticket, there will always be a "local" root user, but there's
no reason that should be the de-facto account that manages other users' permissions from.

This message was sent by Atlassian JIRA

View raw message