I'll update the wiki page to not include that line so that it won't be confusing to the users.
On Sun, Feb 26, 2017 at 10:11 PM, Jinmei Liao <jil...@pivotal.io> wrote: > Hi, NilKanth, the ExampleSecurityManager is meant as an example. When > using that ExampleSecurityManager with the json file described in > https://cwiki.apache.org/confluence/display/GEODE/ > Using+Custom+SecurityManager, the role "data" only has permission to the > following two regions: "region1" and "region2". So it still can not do > "list region" and "create region". You can delete that line of ""regions": > ["region1", "region2"]" so that the data role can operate on all regions, > then your commands will succeed. > > On Sun, Feb 26, 2017 at 9:36 PM, Nilkanth Patel <npa...@apache.org> wrote: > >> Hello, >> >> With the setup explained in >> https://cwiki.apache.org/confluence/display/GEODE/Using+ >> Custom+SecurityManager, >> observed following, >> >> Started locator, server as explained in doc. >> >> gfsh>connect --locators=localhost[10334] --user=super-user >> --password=1234567 >> Connecting to Locator at [host=localhost, port=10334] .. >> Connecting to Manager at [host=192.168.3.125, port=1099] .. >> Successfully connected to: [host=192.168.3.125, port=1099] >> >> gfsh>list members >> Name | Id >> ---- | -------------------------------------------- >> l1 | 192.168.3.125(l1:23399:locator)<ec><v0>:1024 >> s1 | 192.168.3.125(s1:23597)<v3>:1025 >> >> gfsh>list regions >> Unauthorized. Reason : super-user not authorized for DATA:READ >> >> gfsh>create region --name=region1 --type=PARTITION >> Unauthorized. Reason : super-user not authorized for DATA:MANAGE >> >> gfsh> >> >> Why "list regions" and "create region" are Unauthorized, even though, as >> we >> see in security.json, user "super-user" has a role "data", which is mapped >> to permissions ("DATA:MANAGE", "DATA:WRITE", "DATA:READ"). >> >> Am i missing something here...? >> Nilkanth. >> > > > > -- > Cheers > > Jinmei > -- Cheers Jinmei
