One point that has been brought to my attention is that the administration of users and their authorizations brings difficulties to development. There are situations where you trust a user to create users, modify their privileges, and drop users, but not to manage a user's authorizations. After talking to someone, the idea of a Secadmin was brought to my attention. We should split the administration space into two areas. The Grant privilege is still the root for granting Secadmin and for modifying authorizations. Secadmin should be the necessary privilege for managing users besides their authorizations. This allows a user who's trusted enough to create users but not trusted enough to grant access to the various levels of data.
I'm opening this up as a discussion for dev to hear the community's thoughts and hash out details prior to ticket creation. Ideally these changes will get rolled into my branch for ACCUMULO-259, to be implemented in Accumulo 1.5.

John
