Hi, NilKanth, the ExampleSecurityManager is meant as an example. When using that ExampleSecurityManager with the json file described in https://cwiki.apache.org/confluence/display/GEODE/Using+Custom+SecurityManager, the role "data" only has permission to the following two regions: "region1" and "region2". So it still cannot do "list region" and "create region". You can delete that line of "regions": ["region1", "region2"] so that the data role can operate on all regions, then your commands will succeed.

On Sun, Feb 26, 2017 at 9:36 PM, Nilkanth Patel <npa...@apache.org> wrote:

> Hello,
>
> With the setup explained in
> https://cwiki.apache.org/confluence/display/GEODE/Using+Custom+SecurityManager,
> observed following,
>
> Started locator, server as explained in doc.
>
> gfsh>connect --locators=localhost[10334] --user=super-user --password=1234567
> Connecting to Locator at [host=localhost, port=10334] ..
> Connecting to Manager at [host=192.168.3.125, port=1099] ..
> Successfully connected to: [host=192.168.3.125, port=1099]
>
> gfsh>list members
> Name | Id
> ---- | --------------------------------------------
> l1   | 192.168.3.125(l1:23399:locator)<ec><v0>:1024
> s1   | 192.168.3.125(s1:23597)<v3>:1025
>
> gfsh>list regions
> Unauthorized. Reason : super-user not authorized for DATA:READ
>
> gfsh>create region --name=region1 --type=PARTITION
> Unauthorized. Reason : super-user not authorized for DATA:MANAGE
>
> gfsh>
>
> Why "list regions" and "create region" are Unauthorized, even though, as we
> see in security.json, user "super-user" has a role "data", which is mapped
> to permissions ("DATA:MANAGE", "DATA:WRITE", "DATA:READ").
>
> Am I missing something here...?
> Nilkanth.
>

--
Cheers

Jinmei
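
The region scoping described in the reply above, as an added example that is not part of the original thread and is not Geode's or ExampleSecurityManager's code. It is a simplified Python model: the JSON fragment is constructed from the names quoted in the thread, and the function names and the matching rule (a region-scoped grant does not cover a request that names no region) are assumptions made for illustration.

```python
import copy
import json

# Constructed security.json fragment using the role, user and regions quoted in the thread.
SECURITY_JSON = """
{
  "roles": [
    {"name": "data",
     "operationsAllowed": ["DATA:MANAGE", "DATA:WRITE", "DATA:READ"],
     "regions": ["region1", "region2"]}
  ],
  "users": [{"name": "super-user", "roles": ["data"]}]
}
"""

def load_grants(config):
    """Map each user to a set of (permission, region) grants; region None = unscoped."""
    roles = {r["name"]: r for r in config["roles"]}
    grants = {}
    for user in config["users"]:
        user_grants = set()
        for role_name in user["roles"]:
            role = roles[role_name]
            # A role with no "regions" key is not limited to particular regions.
            scopes = role.get("regions") or [None]
            for op in role["operationsAllowed"]:
                user_grants.update((op, region) for region in scopes)
        grants[user["name"]] = user_grants
    return grants

def is_authorized(grants, user, permission, region=None):
    """region=None models a request not tied to one region, such as 'list regions'."""
    for granted_op, granted_region in grants.get(user, ()):
        # An unscoped grant covers any target; a scoped grant covers only its own region.
        if granted_op == permission and granted_region in (None, region):
            return True
    return False

def without_region_scope(config, role_name):
    """Return a copy of the config with the "regions" line deleted from one role."""
    fixed = copy.deepcopy(config)
    for role in fixed["roles"]:
        if role["name"] == role_name:
            role.pop("regions", None)
    return fixed

CONFIG = json.loads(SECURITY_JSON)
SCOPED = load_grants(CONFIG)
UNSCOPED = load_grants(without_region_scope(CONFIG, "data"))
```

Deleting the "regions" line grants the role's operations on every region, so the same model can be used to check what else that change allows before applying it.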