Description
In our current security model, a user with DATA:MANAGE can create regions, create disk stores, WAN gateways etc. I think this is a very wide scope, because an administrator may want to give create region privilege to a developer, but not necessarily give them the ability to create disk stores or send the data in that region over WAN. I propose that we refine the security model to make it finer grained.
Please see this discussion on the mailing list: https://lists.apache.org/thread.html/f96842276e93d8a6c3080ad3982c72431d62d1e7c717ebbc50941968@%3Cdev.geode.apache.org%3E
Attachments
Issue Links
- incorporates
-
GEODE-1797 No gfsh commands are available to readonly members
- Closed
- links to