GemFire's role-based authorization verifies that an authenticated user has the correct permissions for requested operations.
Resource Permissions
See the GemFire section on Implementing Authorization for definitions of permission levels within GemFire.
In addition to the existing permission levels,
there is a finer-grained target of GPDB defined for CLUSTER operations.
This table specifies the permissions required to run these
connector-specific gfsh commands.
gfsh Command |
Assigned ResourcePermission |
|---|---|
| cancel gpdb operations | CLUSTER:MANAGE:GPDB |
| configure gpfdist-protocol | CLUSTER:MANAGE:GPDB |
| create gpdb-mapping | CLUSTER:MANAGE:GPDB |
| describe gpdb-mapping | CLUSTER:READ:GPDB |
| describe gpfdist-protocol | CLUSTER:READ:GPDB |
| destroy gpdb-mapping | CLUSTER:MANAGE:GPDB |
| export gpdb | DATA:READ:regionName |
| import gpdb | DATA:WRITE:regionName |
| list gpdb operations | CLUSTER:READ:GPDB |
| list gpdb-mapping | CLUSTER:READ:GPDB |
This table specifies permissions required to execute these methods.
| method | Assigned ResourcePermission |
|---|---|
| GpdbService.cancelOperation() | CLUSTER:MANAGE:GPDB |
| GpdbService.exportRegion() | DATA:READ:regionName |
| GpdbService.importRegion() | DATA:WRITE:regionName |
Content feedback and comments