Create role-specific namespace for grants #533

Closed
wants to merge 2 commits into
from

Conversation

Projects
None yet
1 participant
Contributor

macintux commented Feb 19, 2014

This is an exclusive-or of the jrd-security-role-uniqueness branch, which attempted to constrain users and groups to have distinct names. This branch enables operators to define names that overlap by creating distinct places in core metadata for grants for users vs groups.

riak-admin will (for grant/revoke only, although that list of commands could be extended trivially) support user/<user> and group/<group> syntax to disambiguate grants or revokes when names are not unique. The tool will mandate the use of that syntax when name conflicts occur, although at the moment the tools have not been updated to illustrate the syntax or to explicitly ask for it.

The user/ or group/ prefixes have also been used internally when generating a list of permissions so that the print-user command can identify which permissions apply to the user vs any group by the same name.

/cc @Vagabond

Contributor

macintux commented Feb 19, 2014

Superseded by #534, closing

macintux closed this Feb 19, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment