Thanks Jinmei for the clarification.

Nilkanth.

On Mon, Feb 27, 2017 at 11:42 AM, Jinmei Liao <jil...@pivotal.io> wrote:

> I'll update the wiki page to not include that line so that it won't be
> confusing to the users.
>
> On Sun, Feb 26, 2017 at 10:11 PM, Jinmei Liao <jil...@pivotal.io> wrote:
>
> > Hi, NilKanth, the ExampleSecurityManager is meant as an example. When
> > using that ExampleSecurityManager with the json file described in
> > https://cwiki.apache.org/confluence/display/GEODE/Using+Custom+SecurityManager,
> > the role "data" only has permission to the following two regions:
> > "region1" and "region2". So it still cannot do "list region" and
> > "create region". You can delete that line of
> > ""regions": ["region1", "region2"]" so that the data role can operate
> > on all regions, then your commands will succeed.
> >
> > On Sun, Feb 26, 2017 at 9:36 PM, Nilkanth Patel <npa...@apache.org> wrote:
> >
> >> Hello,
> >>
> >> With the setup explained in
> >> https://cwiki.apache.org/confluence/display/GEODE/Using+Custom+SecurityManager,
> >> observed following,
> >>
> >> Started locator, server as explained in doc.
> >>
> >> gfsh>connect --locators=localhost[10334] --user=super-user --password=1234567
> >> Connecting to Locator at [host=localhost, port=10334] ..
> >> Connecting to Manager at [host=192.168.3.125, port=1099] ..
> >> Successfully connected to: [host=192.168.3.125, port=1099]
> >>
> >> gfsh>list members
> >> Name | Id
> >> ---- | --------------------------------------------
> >> l1   | 192.168.3.125(l1:23399:locator)<ec><v0>:1024
> >> s1   | 192.168.3.125(s1:23597)<v3>:1025
> >>
> >> gfsh>list regions
> >> Unauthorized. Reason : super-user not authorized for DATA:READ
> >>
> >> gfsh>create region --name=region1 --type=PARTITION
> >> Unauthorized. Reason : super-user not authorized for DATA:MANAGE
> >>
> >> gfsh>
> >>
> >> Why "list regions" and "create region" are Unauthorized, even though, as
> >> we see in security.json, user "super-user" has a role "data", which is
> >> mapped to permissions ("DATA:MANAGE", "DATA:WRITE", "DATA:READ").
> >>
> >> Am I missing something here...?
> >> Nilkanth.
> >
> > --
> > Cheers
> >
> > Jinmei
>
> --
> Cheers
>
> Jinmei
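
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Geode's or ExampleSecurityManager's code: a simplified Python model of a role whose permissions are scoped to listed regions, showing why commands that are not tied to one region are refused. The JSON key names other than "regions", and the `load` and `authorize` helpers, are assumptions made for this example.

```python
import json

# Constructed security.json. Only the "regions" line, the role "data", the user
# "super-user" and the three DATA permissions come from the thread; the other
# key names are assumptions for this example.
SECURITY_JSON = """
{
  "roles": [
    {"name": "data",
     "operationsAllowed": ["DATA:MANAGE", "DATA:WRITE", "DATA:READ"],
     "regions": ["region1", "region2"]}
  ],
  "users": [{"name": "super-user", "roles": ["data"]}]
}
"""

def load(text, drop_regions=False):
    """Parse the config; drop_regions=True mimics deleting the "regions" line."""
    cfg = json.loads(text)
    roles = {}
    for role in cfg["roles"]:
        regions = None if drop_regions else role.get("regions")
        roles[role["name"]] = (set(role["operationsAllowed"]), regions)
    users = {u["name"]: u["roles"] for u in cfg["users"]}
    return roles, users

def authorize(roles, users, user, permission, region=None):
    """Return True if any role of `user` grants `permission` for `region`.

    region=None models a command that is not tied to one region, such as
    "list regions" (DATA:READ) or "create region" (DATA:MANAGE).
    """
    for role_name in users.get(user, []):
        operations, regions = roles.get(role_name, (set(), None))
        if permission not in operations:
            continue
        if regions is None:              # unscoped role: applies to all regions
            return True
        if region is not None and region in regions:
            return True                  # scoped role: only its listed regions
    return False

if __name__ == "__main__":
    for drop in (False, True):
        roles, users = load(SECURITY_JSON, drop_regions=drop)
        for perm, region in [("DATA:READ", None), ("DATA:MANAGE", None),
                             ("DATA:READ", "region1"), ("DATA:READ", "region3")]:
            ok = authorize(roles, users, "super-user", perm, region)
            print(f"regions line removed={drop} {perm} region={region}: {ok}")
```

With the "regions" line removed, the model allows the two gfsh commands from the thread, and it also allows the role on every other region.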