Github user jinmeiliao commented on a diff in the pull request:
https://github.com/apache/geode/pull/660#discussion_r129910320
--- Diff:
geode-docs/managing/security/implementing_authorization.html.md.erb ---
@@ -56,13 +56,23 @@ which classifies whether the operation as
The operations are not hierarchical;
`MANAGE` does not imply `WRITE`, and `WRITE` does not imply `READ`.
-Some operations further specify a region name in the permission.
+Some `DATA` operations further specify a region name in the permission.
This permits restricting operations on that region to only those
authorized principals.
And within a region, some operations may specify a key.
This permits restricting operations on that key within that region to
only those authorized principals.
+Some `CLUSTER` operations further specify a finer-grained
+target for the operation.
+Specify the target with a string value of:
+
+- `DISK` to target operations that write to a disk store
+- `GATEWAY` to target operations that manage gateway senders and receivers
+- `QUERY` to target operations that manage both indexes and continuous
+ queries
+- `JAR` to target operations that deploy code to servers
+
--- End diff --
I believe there are more changes to the permission strings than just these
few here. We also made some corrections like:
echo: N/A
encrypt password: N/A (actually encrypt password is no longer a gfsh
command anymore, we removed it).
execute function: determined by function api.
A lot of the GatewayMXBean operation are changed as well.
Please go through the list of "new permission strings in
https://cwiki.apache.org/confluence/display/GEODE/Finer+grained+security and
make all the modifications needed.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
