THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Here is how it will work out for DISK resource:
1. CLUSTER:MANAGE:DISK - allows users to create/manage disk stores
2. CLUSTER:WRITE:DISK - allows users to create regions that write/overflow to disk stores
3. CLUSTER:READ:DISK - should be covered by DATA:READ, does not make sense here
Here is a revised list of permission strings. The ones that will change are highlighted below:
...
Client Operations | Old Permission String | New Permission String | |
---|---|---|---|
get function attribute | CLUSTER:READ | ||
create region | DATA:MANAGE | ||
destroy region | DATA:MANAGE | ||
get keyset | DATA:READ:regionName | ||
query | DATA:READ:regionName | ||
region.getAll | DATA:READ:regionName | ||
region.getEntry | DATA:READ:regionName | ||
getAll (list of keys) | DATA:READ:regionName:key | ||
region.containsKeyOnServer(key) | DATA:READ:regionName:key | ||
region.get(key) | DATA:READ:regionName:key | ||
registerInterest | DATA:READ:regionName:key if key is specified, otherwise DATA:READ:regionName | ||
unregister interest | DATA:READ:regionName:key if key is specified, otherwise DATA:READ:regionName | ||
execute function | DATA:WRITE | Controlled by Function Author | |
clear region | DATA:WRITE:regionName | ||
putAll | DATA:WRITE:regionName | ||
region.clear | DATA:WRITE:regionName | ||
region.removeAll | DATA:WRITE:regionName | ||
destroy key | DATA:WRITE:regionName:key | ||
invalidate key | DATA:WRITE:regionName:key | ||
region.destroy(key) | DATA:WRITE:regionName:key | ||
region.invalidate(key) | DATA:WRITE:regionName:key | ||
region.put(key, value) | DATA:WRITE:regionName:key | ||
region.replace | DATA:WRITE:regionName:key | ||
queryService.newCq | DATA:READ:regionName | ||
cq.stop() | DATA:MANAGEDATA | CLUSTER:MANAGE:READQUERY |
GFSH and JMX operations
Operations | Old Permission String | New Permission String |
---|---|---|
alter runtime | CLUSTER:MANAGE | CLUSTER:MANAGE |
DistributedSystemMXBean.shutdownAllMembers | CLUSTER:MANAGE | CLUSTER:MANAGE |
gc | CLUSTER:MANAGE | CLUSTER:MANAGE |
ManagerMXBean.createManager | CLUSTER:MANAGE | CLUSTER:MANAGE |
ManagerMXBean.shutDownMember | CLUSTER:MANAGE | CLUSTER:MANAGE |
ManagerMXBean.start | CLUSTER:MANAGE | CLUSTER:MANAGE |
ManagerMXBean.stop | CLUSTER:MANAGE | CLUSTER:MANAGE |
shutdown | CLUSTER:MANAGE | CLUSTER:MANAGE |
start server | CLUSTER:MANAGE | CLUSTER:MANAGE |
stop locator | CLUSTER:MANAGE | CLUSTER:MANAGE |
stop server | CLUSTER:MANAGE | CLUSTER:MANAGE |
describe client | CLUSTER:READ | CLUSTER:READ |
describe config | CLUSTER:READ | CLUSTER:READ |
describe disk-store | CLUSTER:READ | CLUSTER:READ |
describe member | CLUSTER:READ | CLUSTER:READ |
describe offline-disk-store | CLUSTER:READ | CLUSTER:READ |
describe region | CLUSTER:READ | CLUSTER:READ |
export cluster-configuration | CLUSTER:READ | CLUSTER:READ |
export config | CLUSTER:READ | CLUSTER:READ |
export data | CLUSTER:READ | CLUSTER:READ |
export logs | CLUSTER:READ | CLUSTER:READ |
export offline-disk-store | CLUSTER:READ | CLUSTER:READ |
export stack-traces | CLUSTER:READ | CLUSTER:READ |
get function attribute | CLUSTER:READ | CLUSTER:READ |
list async-event-queues | CLUSTER:READ | CLUSTER:READ |
list clients | CLUSTER:READ | CLUSTER:READ |
list deployed | CLUSTER:READ | CLUSTER:READ |
list disk-stores | CLUSTER:READ | CLUSTER:READ |
list durable-cqs | CLUSTER:READ | CLUSTER:READ |
list functions | CLUSTER:READ | CLUSTER:READ |
list gateways | CLUSTER:READ | CLUSTER:READ |
list indexes | CLUSTER:READ | CLUSTER:READ:QUERY |
list members | CLUSTER:READ | CLUSTER:READ |
Mbeans get attributes | CLUSTER:READ | CLUSTER:READ |
MemberMXBean.showLog | CLUSTER:READ | CLUSTER:READ |
netstat | CLUSTER:READ | CLUSTER:READ |
show dead-locks | CLUSTER:READ | CLUSTER:READ |
show log | CLUSTER:READ | CLUSTER:READ |
show metrics | CLUSTER:READ | CLUSTER:READ |
show missing-disk-stores | CLUSTER:READ | CLUSTER:READ |
show subscription-queue-size | CLUSTER:READ | CLUSTER:READ |
status cluster-config-service | CLUSTER:READ | CLUSTER:READ |
status gateway-receiver | CLUSTER:READ | CLUSTER:READ |
status gateway-sender | CLUSTER:READ | CLUSTER:READ |
status locator | CLUSTER:READ | CLUSTER:READ |
status server | CLUSTER:READ | CLUSTER:READ |
change loglevel | CLUSTER:WRITE | CLUSTER:WRITE |
DistributedSystemMXBean.changerAlertLevel | CLUSTER:WRITE | CLUSTER:WRITE |
ManagerMXBean.setPulseURL | CLUSTER:WRITE | CLUSTER:WRITE |
ManagerMXBean.setStatusMessage | CLUSTER:WRITE | CLUSTER:WRITE |
alter disk-store | DATA:MANAGE (N/A) | CLUSTER:MANAGE:DISK (N/A), need documentation fix |
CacheServerMXBean.closeAllContinuousQuery | DATA:MANAGE | CLUSTER:MANAGE:QUERY |
CacheServerMXBean.closeContinuousQuery | DATA:MANAGE | CLUSTER:MANAGE:QUERY |
clear defined indexes | DATA:MANAGE | CLUSTER:MANAGE:QUERY |
close durable-client | DATA:MANAGE | CLUSTER:MANAGE:QUERY |
close durable-cq | DATA:MANAGE | CLUSTER:MANAGE:QUERY |
compact disk-store | DATA:MANAGE | CLUSTER:MANAGE:DISK |
compact offline-disk-store | N/A | |
configure pdx | DATA:MANAGE | CLUSTER:MANAGE |
create async-event-queue | DATA:MANAGE | CLUSTER:MANAGE:DEPLOY AND CLUSTER:WRITE:DISK if persistent |
create defined indexes | DATA:MANAGE | CLUSTER:MANAGE:QUERY |
create disk-store | DATA:MANAGE | CLUSTER:MANAGE:DISK |
create gateway-receiver | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
create gateway-sender | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
create region | DATA:MANAGE | DATA:MANAGE AND CLUSTER:WRITE:DISK if persistent |
destroy disk-store | DATA:MANAGE | CLUSTER:MANAGE:DISK |
destroy function | DATA:MANAGE | CLUSTER:MANAGE:DEPLOY |
destroy region | DATA:MANAGE | DATA:MANAGE |
destroy region | DATA:MANAGE | DATA:MANAGE |
disconnect | DATA:MANAGE | N/A |
DiskStoreMXBean.flush | DATA:MANAGE | CLUSTER:MANAGE:DISK |
DiskStoreMXBean.forceCompaction | DATA:MANAGE | CLUSTER:MANAGE:DISK |
DiskStoreMXBean.forceRoll | DATA:MANAGE | CLUSTER:MANAGE:DISK |
DiskStoreMXBean.setDiskUsageCriticalPercentage | DATA:MANAGE | CLUSTER:MANAGE:DISK |
DiskStoreMXBean.setDiskUsageWarningPercentage | DATA:MANAGE | CLUSTER:MANAGE:DISK |
DistributedSystemMXBean.revokeMissingDiskStores | DATA:MANAGE | CLUSTER:MANAGE:DISK |
DistributedSystemMXBean.setQueryCollectionsDepth | DATA:MANAGE | CLUSTER:MANAGE:QUERY |
DistributedSystemMXBean.setQueryResultSetLimit | DATA:MANAGE | CLUSTER:MANAGE:QUERY |
echo | DATA:MANAGE | N/A |
encrypt password | DATA:MANAGE | N/A |
execute function | DATA:MANAGE | determined by function api |
GatewayReceiverMXBean.pause | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
GatewayReceiverMXBean.rebalance | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
GatewayReceiverMXBean.resume | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
GatewayReceiverMXBean.start | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
GatewayReceiverMXBean.stop | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
GatewaySenderMXBean.pause | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
GatewaySenderMXBean.rebalance | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
GatewaySenderMXBean.resume | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
GatewaySenderMXBean.start | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
GatewaySenderMXBean.stop | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
import cluster-configuration | DATA:MANAGE | CLUSTER:MANAGE |
load-balance gateway-sender | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
LockServiceMXBean.becomeLockGrantor | DATA:MANAGE | CLUSTER:MANAGE |
MemberMXBean.compactAllDiskStores | DATA:MANAGE | CLUSTER:MANAGE:DISK |
pause gateway-sender | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
pdx rename | DATA:MANAGE | N/A |
rebalance | DATA:MANAGE | DATA:MANAGE |
resume gateway-sender | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
revoke missing-disk-store | DATA:MANAGE | CLUSTER:MANAGE:DISK |
start gateway-receiver | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
start gateway-sender | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
stop gateway-receiver | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
stop gateway-receiver | DATA:MANAGE | CLUSTER:MANAGE:GATEWAY |
undeploy | DATA:MANAGE | CLUSTER:MANAGE:DEPLOY |
destroy index | DATA:MANAGE or DATA:MANAGE:RegionName | CLUSTER:MANAGE:QUERY |
deploy | DATA:MANAGE, DATA:WRITE, CLUSTER:MANAGE, and CLUSTER:WRITE | CLUSTER:MANAGE:DEPLOY |
alter region | DATA:MANAGE:RegionName | DATA:MANAGE:RegionName |
create index | DATA:MANAGE:RegionName | CLUSTER:MANAGE:QUERY |
define index | DATA:MANAGE:RegionName | CLUSTER:MANAGE:QUERY |
create lucene index | DATA:MANAGE:RegionName | CLUSTER:MANAGE:LUCENE |
describe lucene index | CLUSTER:READ | CLUSTER:READ:LUCENE |
destroy lucene index | DATA:MANAGE:RegionName | CLUSTER:MANAGE:LUCENE |
list lucene indexes | CLUSTER:READ | CLUSTER:READ:LUCENE |
search lucene | DATA:WRITE | DATA:READ:RegionName |
backup disk-store | DATA:READ | DATA:READ and CLUSTER:WRITE:DISK |
CacheServerMXBean.executeContinuousQuery | DATA:READ | DATA:READ |
DistributedSystemMXBean.backupAllMembers | DATA:READ | DATA:READ and CLUSTER:WRITE:DISK |
DistributedSystemMXBean.queryData | DATA:READ | DATA:READ |
DistributedSystemMXBean.queryDataForCompressedResult | DATA:READ | DATA:READ |
list regions | DATA:READ | CLUSTER:READ |
query | DATA:READ | DATA:READ:RegionName |
Region.getAll | DATA:READ:RegionName | DATA:READ:RegionName |
Region.getEntry | DATA:READ:RegionName | DATA:READ:RegionName |
Region.Keyset | DATA:READ:RegionName | DATA:READ:RegionName |
Region.query | DATA:READ:RegionName | DATA:READ:RegionName |
Region.registerInterest(regex) | DATA:READ:RegionName | DATA:READ:RegionName |
Region.unregisterInterest(regex) | DATA:READ:RegionName | DATA:READ:RegionName |
get ‑key=key1 ‑region=region1 | DATA:READ:RegionName:Key | DATA:READ:RegionName:Key |
locate entry | DATA:READ:RegionName:Key | DATA:READ:RegionName:Key |
Region.containsKeyOnServer(key) | DATA:READ:RegionName:Key | DATA:READ:RegionName:Key |
Region.get(key) | DATA:READ:RegionName:Key | DATA:READ:RegionName:Key |
Region.getAll with a list of keys | DATA:READ:RegionName:Key | DATA:READ:RegionName:Key |
Region.registerInterest(key) | DATA:READ:RegionName:Key | DATA:READ:RegionName:Key |
Region.unregisterInterest(key) | DATA:READ:RegionName:Key | DATA:READ:RegionName:Key |
execute function | DATA:WRITE | determined by funtion api |
clear region | DATA:WRITE:RegionName | DATA:WRITE:RegionName |
import data | DATA:WRITE:RegionName | DATA:WRITE:RegionName |
Region.clear | DATA:WRITE:RegionName | DATA:WRITE:RegionName |
Region.putAll | DATA:WRITE:RegionName | DATA:WRITE:RegionName |
Region.removeAll | DATA:WRITE:RegionName | DATA:WRITE:RegionName |
remove | DATA:WRITE:RegionName or DATA:WRITE:RegionName:Key | DATA:WRITE:RegionName or DATA:WRITE:RegionName:Key |
destroy key (DIFFERENT?) | DATA:WRITE:RegionName:Key | DATA:WRITE:RegionName:Key |
invalidate key (DIFFERENT?) | DATA:WRITE:RegionName:Key | DATA:WRITE:RegionName:Key |
put –key=key1 –region=region1 | DATA:WRITE:RegionName:Key | DATA:WRITE:RegionName:Key |
Region.destroy(key) | DATA:WRITE:RegionName:Key | DATA:WRITE:RegionName:Key |
Region.destroy(key) | DATA:WRITE:RegionName:Key | DATA:WRITE:RegionName:Key |
Region.invalidate(key) | DATA:WRITE:RegionName:Key | DATA:WRITE:RegionName:Key |
Region.put(key) | DATA:WRITE:RegionName:Key | DATA:WRITE:RegionName:Key |
Region.replace | DATA:WRITE:RegionName:Key | DATA:WRITE:RegionName:Key |
CqQuery.execute | DATA:READ:regionName | CLUSTER:MANAGE:QUERY and DATA:READ:regionName |
CqQuery.executeWithInitialResult | DATA:READ:regionName | CLUSTER:MANAGE:QUERY and DATA:READ:regionName |
alter jdbc-connection | N/A | CLUSTER:MANAGE |
alter jdbc-mapping | N/A | CLUSTER:MANAGE |
create jdbc-connection | N/A | CLUSTER:MANAGE |
create jdbc-mapping | N/A | CLUSTER:MANAGE |
describe jdbc-connection | N/A | CLUSTER:MANAGE |
describe jdbc-mapping | N/A | CLUSTER:MANAGE |
destroy jdbc-connection | N/A | CLUSTER:MANAGE |
destroy jdbc-mapping | N/A | CLUSTER:MANAGE |
list jdbc-connections | N/A | CLUSTER:MANAGE |
list jdbc-mappings | N/A | CLUSTER:MANAGE |
create jndi-binding | N/A | CLUSTER:MANAGE |
describe jndi-binding | N/A | CLUSTER:READ |
destroy jndi-binding | N/A | CLUSTER:MANAGE |
list jndi-binding | N/A | CLUSTER:READ |
...