I think, but I am not sure, you have to mention both users in the setAcl at the same time, so they get different permissions.
Try also to update ZK. Please also check if you can use the other authorization mechanisms, eg SASL or x509. I think they are more suitable for Enterprise scenarios. > Am 14.11.2019 um 05:42 schrieb vrindavda <[email protected]>: > > I am trying to add zk digest ACL on zookeeper-3.4.9. > > I was able to add one user with /crdwa/ access. > The moment I add another user with read-only access- /r/. The first user > gets overridden with read-only access. Please see the output below : > > > WatchedEvent state:SyncConnected type:None path:null > [zk: localhost:2181(CONNECTED) 0] addauth digest user1:password1 > [zk: localhost:2181(CONNECTED) 1] setAcl /newznode > auth:user1:password1:crdwa > cZxid = 0xe > ctime = Thu Nov 07 13:29:43 IST 2019 > mZxid = 0xe > mtime = Thu Nov 07 13:29:43 IST 2019 > pZxid = 0xe > cversion = 0 > dataVersion = 0 > aclVersion = 1 > ephemeralOwner = 0x0 > dataLength = 8 > numChildren = 0 > [zk: localhost:2181(CONNECTED) 2] getAcl /newznode > 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI= > : cdrwa > [zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2 > [zk: localhost:2181(CONNECTED) 4] setAcl /newznode auth:user2:password2:r > cZxid = 0xe > ctime = Thu Nov 07 13:29:43 IST 2019 > mZxid = 0xe > mtime = Thu Nov 07 13:29:43 IST 2019 > pZxid = 0xe > cversion = 0 > dataVersion = 0 > aclVersion = 2 > ephemeralOwner = 0x0 > dataLength = 8 > numChildren = 0 > zk: localhost:2181(CONNECTED) 5] getAcl /newznode > 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI= > : r > 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U= > : r > > > User1 and user2 are not readonly. > > Am I doing something incorrect? > > > > > > > -- > Sent from: http://zookeeper-user.578899.n2.nabble.com/
