[ https://issues.apache.org/jira/browse/ZOOKEEPER-2709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15900099#comment-15900099 ]
ASF GitHub Bot commented on ZOOKEEPER-2709: ------------------------------------------- Github user afine commented on a diff in the pull request: https://github.com/apache/zookeeper/pull/182#discussion_r104770508 --- Diff: src/docs/src/documentation/content/xdocs/zookeeperProgrammers.xml --- @@ -899,9 +899,16 @@ single id, <emphasis>anyone</emphasis>, that represents anyone.</para></listitem> - <listitem><para><emphasis role="bold">auth</emphasis> doesn't - use any id, represents any authenticated - user.</para></listitem> + <listitem><para><emphasis role="bold">auth</emphasis> is a special + scheme which ignores any provided ID and instead uses the current user, + credentials, and scheme. Any ID (whether, 'user' like with SASL + authentication or 'user:password' like with DIGEST authentication) provided is ignored + by the ZooKeeper server when persisting the ACL. However, the ID must be + provided in the ACL because the ACL must match the form 'scheme:id:perms'. + This scheme is provided as a convenience as it is a common use-case for + a client to create a znode and then restrict access to that znode to only that client. --- End diff -- perhaps "only that user" would be clearer? > Clarify documentation around "auth" ACL scheme > ---------------------------------------------- > > Key: ZOOKEEPER-2709 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2709 > Project: ZooKeeper > Issue Type: Task > Components: documentation > Reporter: Josh Elser > Priority: Minor > > We recently found up in HBASE-17717 that we were incorrectly setting an ACL > on our "sensitive" znodes after the output of {{getACL}} on these nodes > didn't match what was expected. > In referencing the documentation about how the {{auth}} ACL scheme was > supposed to work, it was unclear if it was a ZooKeeper bug or an HBase bug. > After reading some ZooKeeper code, we found that it was an HBase bug, but it > would be nice to clarify the docs around this ACL scheme. -- This message was sent by Atlassian JIRA (v6.3.15#6346)