In our current security model, a user with DATA:MANAGE can create regions, create disk stores, WAN gateways etc. This is a very wide scope, because an administrator may want to give create region privilege to a developer, but not necessarily give them the ability to create disk stores or send the data in that region over WAN. I propose that we refine the security model to make it finer grained.

I propose that only Region should belong to the DATA resource, everything else (i.e Disk, GATEWAYS, DEPLOY, Queries etc) be treated as CLUSTER resources in the security framework. As with any other resource, admins will be able to grant READ, WRITE and MANAGE permissions to these resources. In terms of shiro, this will take the form: CLUSTER:READ/WRITE/MANAGE:DISK,WAN,ASYNCQUEUE.

brief description of resources:

DISK: ability to manage diskstores/create regions that will write to disk stores

GATEWAY: ability to manage gateway senders and receivers and create regions that use gateways

DEPLOY: ability to deploy server side code

QUERY: ability to manage indices (only OQL), and manage Continuous queries

LUCENE: ability to manage lucene indices

Examples:

Here is how it will work out for DISK resource:
1. CLUSTER:MANAGE:DISK - allows users to create/manage disk stores
2. CLUSTER:WRITE:DISK - allows users to create regions that write/overflow to disk stores
3. CLUSTER:READ:DISK - should be covered by DATA:READ, does not make sense here


Here is a revised list of permission strings. The ones that will change are highlighted below:

Client-Server Operations

Client OperationsOld Permission StringNew Permission String
get function attributeCLUSTER:READ
create regionDATA:MANAGE
destroy regionDATA:MANAGE
get keysetDATA:READ:regionName
queryDATA:READ:regionName
region.getAllDATA:READ:regionName
region.getEntryDATA:READ:regionName
getAll (list of keys)DATA:READ:regionName:key
region.containsKeyOnServer(key)DATA:READ:regionName:key
region.get(key)DATA:READ:regionName:key
registerInterestDATA:READ:regionName:key if key is specified, otherwise DATA:READ:regionName
unregister interestDATA:READ:regionName:key if key is specified, otherwise DATA:READ:regionName
execute functionDATA:WRITEControlled by Function Author
clear regionDATA:WRITE:regionName
putAllDATA:WRITE:regionName
region.clearDATA:WRITE:regionName
region.removeAllDATA:WRITE:regionName
destroy keyDATA:WRITE:regionName:key
invalidate keyDATA:WRITE:regionName:key
region.destroy(key)DATA:WRITE:regionName:key
region.invalidate(key)DATA:WRITE:regionName:key
region.put(key, value)DATA:WRITE:regionName:key
region.replaceDATA:WRITE:regionName:key
queryService.newCqDATA:READ:regionName
cq.stop()DATA:MANAGECLUSTER:MANAGE:QUERY


GFSH and JMX operations

OperationsOld Permission StringNew Permission String
alter runtimeCLUSTER:MANAGECLUSTER:MANAGE
DistributedSystemMXBean.shutdownAllMembersCLUSTER:MANAGECLUSTER:MANAGE
gcCLUSTER:MANAGECLUSTER:MANAGE
ManagerMXBean.createManagerCLUSTER:MANAGECLUSTER:MANAGE
ManagerMXBean.shutDownMemberCLUSTER:MANAGECLUSTER:MANAGE
ManagerMXBean.startCLUSTER:MANAGECLUSTER:MANAGE
ManagerMXBean.stopCLUSTER:MANAGECLUSTER:MANAGE
shutdownCLUSTER:MANAGECLUSTER:MANAGE
start serverCLUSTER:MANAGECLUSTER:MANAGE
stop locatorCLUSTER:MANAGECLUSTER:MANAGE
stop serverCLUSTER:MANAGECLUSTER:MANAGE
describe clientCLUSTER:READCLUSTER:READ
describe configCLUSTER:READCLUSTER:READ
describe disk-storeCLUSTER:READCLUSTER:READ
describe memberCLUSTER:READCLUSTER:READ
describe offline-disk-storeCLUSTER:READCLUSTER:READ
describe regionCLUSTER:READCLUSTER:READ
export cluster-configurationCLUSTER:READCLUSTER:READ
export configCLUSTER:READCLUSTER:READ
export dataCLUSTER:READCLUSTER:READ
export logsCLUSTER:READCLUSTER:READ
export offline-disk-storeCLUSTER:READCLUSTER:READ
export stack-tracesCLUSTER:READCLUSTER:READ
get function attributeCLUSTER:READCLUSTER:READ
list async-event-queuesCLUSTER:READCLUSTER:READ
list clientsCLUSTER:READCLUSTER:READ
list deployedCLUSTER:READCLUSTER:READ
list disk-storesCLUSTER:READCLUSTER:READ
list durable-cqsCLUSTER:READCLUSTER:READ
list functionsCLUSTER:READCLUSTER:READ
list gatewaysCLUSTER:READCLUSTER:READ
list indexesCLUSTER:READCLUSTER:READ:QUERY
list membersCLUSTER:READCLUSTER:READ
Mbeans get attributesCLUSTER:READCLUSTER:READ
MemberMXBean.showLogCLUSTER:READCLUSTER:READ
netstatCLUSTER:READCLUSTER:READ
show dead-locksCLUSTER:READCLUSTER:READ
show logCLUSTER:READCLUSTER:READ
show metricsCLUSTER:READCLUSTER:READ
show missing-disk-storesCLUSTER:READCLUSTER:READ
show subscription-queue-sizeCLUSTER:READCLUSTER:READ
status cluster-config-serviceCLUSTER:READCLUSTER:READ
status gateway-receiverCLUSTER:READCLUSTER:READ
status gateway-senderCLUSTER:READCLUSTER:READ
status locatorCLUSTER:READCLUSTER:READ
status serverCLUSTER:READCLUSTER:READ
change loglevelCLUSTER:WRITECLUSTER:WRITE
DistributedSystemMXBean.changerAlertLevelCLUSTER:WRITECLUSTER:WRITE
ManagerMXBean.setPulseURLCLUSTER:WRITECLUSTER:WRITE
ManagerMXBean.setStatusMessageCLUSTER:WRITECLUSTER:WRITE
alter disk-storeDATA:MANAGE (N/A)CLUSTER:MANAGE:DISK (N/A), need documentation fix
CacheServerMXBean.closeAllContinuousQueryDATA:MANAGECLUSTER:MANAGE:QUERY
CacheServerMXBean.closeContinuousQueryDATA:MANAGECLUSTER:MANAGE:QUERY
clear defined indexesDATA:MANAGECLUSTER:MANAGE:QUERY
close durable-clientDATA:MANAGECLUSTER:MANAGE:QUERY
close durable-cqDATA:MANAGECLUSTER:MANAGE:QUERY
compact disk-storeDATA:MANAGECLUSTER:MANAGE:DISK
compact offline-disk-store N/A
configure pdxDATA:MANAGECLUSTER:MANAGE
create async-event-queueDATA:MANAGECLUSTER:MANAGE:DEPLOY AND CLUSTER:WRITE:DISK if persistent
create defined indexesDATA:MANAGECLUSTER:MANAGE:QUERY
create disk-storeDATA:MANAGECLUSTER:MANAGE:DISK
create gateway-receiverDATA:MANAGECLUSTER:MANAGE:GATEWAY
create gateway-senderDATA:MANAGECLUSTER:MANAGE:GATEWAY
create regionDATA:MANAGEDATA:MANAGE AND CLUSTER:WRITE:DISK if persistent
destroy disk-storeDATA:MANAGECLUSTER:MANAGE:DISK
destroy functionDATA:MANAGECLUSTER:MANAGE:DEPLOY
destroy regionDATA:MANAGEDATA:MANAGE
destroy regionDATA:MANAGEDATA:MANAGE
disconnectDATA:MANAGEN/A
DiskStoreMXBean.flushDATA:MANAGECLUSTER:MANAGE:DISK
DiskStoreMXBean.forceCompactionDATA:MANAGECLUSTER:MANAGE:DISK
DiskStoreMXBean.forceRollDATA:MANAGECLUSTER:MANAGE:DISK
DiskStoreMXBean.setDiskUsageCriticalPercentageDATA:MANAGECLUSTER:MANAGE:DISK
DiskStoreMXBean.setDiskUsageWarningPercentageDATA:MANAGECLUSTER:MANAGE:DISK
DistributedSystemMXBean.revokeMissingDiskStoresDATA:MANAGECLUSTER:MANAGE:DISK
DistributedSystemMXBean.setQueryCollectionsDepthDATA:MANAGECLUSTER:MANAGE:QUERY
DistributedSystemMXBean.setQueryResultSetLimitDATA:MANAGECLUSTER:MANAGE:QUERY
echoDATA:MANAGEN/A
encrypt passwordDATA:MANAGEN/A
execute functionDATA:MANAGEdetermined by function api
GatewayReceiverMXBean.pauseDATA:MANAGECLUSTER:MANAGE:GATEWAY
GatewayReceiverMXBean.rebalanceDATA:MANAGECLUSTER:MANAGE:GATEWAY
GatewayReceiverMXBean.resumeDATA:MANAGECLUSTER:MANAGE:GATEWAY
GatewayReceiverMXBean.startDATA:MANAGECLUSTER:MANAGE:GATEWAY
GatewayReceiverMXBean.stopDATA:MANAGECLUSTER:MANAGE:GATEWAY
GatewaySenderMXBean.pauseDATA:MANAGECLUSTER:MANAGE:GATEWAY
GatewaySenderMXBean.rebalanceDATA:MANAGECLUSTER:MANAGE:GATEWAY
GatewaySenderMXBean.resumeDATA:MANAGECLUSTER:MANAGE:GATEWAY
GatewaySenderMXBean.startDATA:MANAGECLUSTER:MANAGE:GATEWAY
GatewaySenderMXBean.stopDATA:MANAGECLUSTER:MANAGE:GATEWAY
import cluster-configurationDATA:MANAGECLUSTER:MANAGE
load-balance gateway-senderDATA:MANAGECLUSTER:MANAGE:GATEWAY
LockServiceMXBean.becomeLockGrantorDATA:MANAGECLUSTER:MANAGE
MemberMXBean.compactAllDiskStoresDATA:MANAGECLUSTER:MANAGE:DISK
pause gateway-senderDATA:MANAGECLUSTER:MANAGE:GATEWAY
pdx renameDATA:MANAGEN/A
rebalanceDATA:MANAGEDATA:MANAGE
resume gateway-senderDATA:MANAGECLUSTER:MANAGE:GATEWAY
revoke missing-disk-storeDATA:MANAGECLUSTER:MANAGE:DISK
start gateway-receiverDATA:MANAGECLUSTER:MANAGE:GATEWAY
start gateway-senderDATA:MANAGECLUSTER:MANAGE:GATEWAY
stop gateway-receiverDATA:MANAGECLUSTER:MANAGE:GATEWAY
stop gateway-receiverDATA:MANAGECLUSTER:MANAGE:GATEWAY
undeployDATA:MANAGECLUSTER:MANAGE:DEPLOY
destroy indexDATA:MANAGE or DATA:MANAGE:RegionNameCLUSTER:MANAGE:QUERY
deployDATA:MANAGE, DATA:WRITE, CLUSTER:MANAGE, and CLUSTER:WRITECLUSTER:MANAGE:DEPLOY
alter regionDATA:MANAGE:RegionNameDATA:MANAGE:RegionName
create indexDATA:MANAGE:RegionNameCLUSTER:MANAGE:QUERY
define indexDATA:MANAGE:RegionNameCLUSTER:MANAGE:QUERY
create lucene indexDATA:MANAGE:RegionNameCLUSTER:MANAGE:LUCENE
describe lucene indexCLUSTER:READCLUSTER:READ:LUCENE
destroy lucene indexDATA:MANAGE:RegionNameCLUSTER:MANAGE:LUCENE
list lucene indexesCLUSTER:READCLUSTER:READ:LUCENE
search luceneDATA:WRITEDATA:READ:RegionName
backup disk-storeDATA:READDATA:READ and CLUSTER:WRITE:DISK
CacheServerMXBean.executeContinuousQueryDATA:READDATA:READ
DistributedSystemMXBean.backupAllMembersDATA:READDATA:READ and CLUSTER:WRITE:DISK
DistributedSystemMXBean.queryDataDATA:READDATA:READ
DistributedSystemMXBean.queryDataForCompressedResultDATA:READDATA:READ
list regionsDATA:READCLUSTER:READ
queryDATA:READDATA:READ:RegionName
Region.getAllDATA:READ:RegionNameDATA:READ:RegionName
Region.getEntryDATA:READ:RegionNameDATA:READ:RegionName
Region.KeysetDATA:READ:RegionNameDATA:READ:RegionName
Region.queryDATA:READ:RegionNameDATA:READ:RegionName
Region.registerInterest(regex)DATA:READ:RegionNameDATA:READ:RegionName
Region.unregisterInterest(regex)DATA:READ:RegionNameDATA:READ:RegionName
get ‑key=key1 ‑region=region1DATA:READ:RegionName:KeyDATA:READ:RegionName:Key
locate entryDATA:READ:RegionName:KeyDATA:READ:RegionName:Key
Region.containsKeyOnServer(key)DATA:READ:RegionName:KeyDATA:READ:RegionName:Key
Region.get(key)DATA:READ:RegionName:KeyDATA:READ:RegionName:Key
Region.getAll with a list of keysDATA:READ:RegionName:KeyDATA:READ:RegionName:Key
Region.registerInterest(key)DATA:READ:RegionName:KeyDATA:READ:RegionName:Key
Region.unregisterInterest(key)DATA:READ:RegionName:KeyDATA:READ:RegionName:Key
execute functionDATA:WRITEdetermined by funtion api
clear regionDATA:WRITE:RegionNameDATA:WRITE:RegionName
import dataDATA:WRITE:RegionNameDATA:WRITE:RegionName
Region.clearDATA:WRITE:RegionNameDATA:WRITE:RegionName
Region.putAllDATA:WRITE:RegionNameDATA:WRITE:RegionName
Region.removeAllDATA:WRITE:RegionNameDATA:WRITE:RegionName
removeDATA:WRITE:RegionName or DATA:WRITE:RegionName:KeyDATA:WRITE:RegionName or DATA:WRITE:RegionName:Key
destroy key (DIFFERENT?)DATA:WRITE:RegionName:KeyDATA:WRITE:RegionName:Key
invalidate key (DIFFERENT?)DATA:WRITE:RegionName:KeyDATA:WRITE:RegionName:Key
put –key=key1 –region=region1DATA:WRITE:RegionName:KeyDATA:WRITE:RegionName:Key
Region.destroy(key)DATA:WRITE:RegionName:KeyDATA:WRITE:RegionName:Key
Region.destroy(key)DATA:WRITE:RegionName:KeyDATA:WRITE:RegionName:Key
Region.invalidate(key)DATA:WRITE:RegionName:KeyDATA:WRITE:RegionName:Key
Region.put(key)DATA:WRITE:RegionName:KeyDATA:WRITE:RegionName:Key
Region.replaceDATA:WRITE:RegionName:KeyDATA:WRITE:RegionName:Key
CqQuery.executeDATA:READ:regionNameCLUSTER:MANAGE:QUERY and DATA:READ:regionName
CqQuery.executeWithInitialResultDATA:READ:regionNameCLUSTER:MANAGE:QUERY and DATA:READ:regionName

create jndi-binding

N/ACLUSTER:MANAGE

describe jndi-binding

N/ACLUSTER:READ

destroy jndi-binding

N/ACLUSTER:MANAGE

list jndi-binding

N/ACLUSTER:READ

Experimental gfsh Operations

OperationsOld Permission StringNew Permission String
alter jdbc-connectionN/ACLUSTER:MANAGE

alter jdbc-mapping

N/ACLUSTER:MANAGE

create jdbc-connection

N/ACLUSTER:MANAGE

create jdbc-mapping

N/ACLUSTER:MANAGE

describe jdbc-connection

N/ACLUSTER:MANAGE

describe jdbc-mapping

N/ACLUSTER:MANAGE

destroy jdbc-connection

N/ACLUSTER:MANAGE

destroy jdbc-mapping

N/ACLUSTER:MANAGE

list jdbc-connections

N/ACLUSTER:MANAGE

list jdbc-mappings

N/ACLUSTER:MANAGE



  • No labels