Page History

...

• All Resources are enumerated via the enum OperationContext.Resource.
• All OperationCodes are enumerated via the enum OperationContext.OperationCode.
• All of the existing OperationContext.is* methods have been deprecated in favor of testing against the relevant enums.
• The resource and operation code, for a given context, can be retrieved using OperationContext.getResource and OperationContext.getOperationCode respectively.

...

• Existing code, implementing AccessControl, would have needed to check the type of the OperationContext as passed into the authorizeOperation method. This is still possible, however it will now be easier to achieve the same functionality by simply checking the Resource and OperationCode of the context. For example, existing code might have looked like this:

  Code Block
  language java
  @Override public boolean authorizeOperation(String regionName, OperationContext context) { if (context instanceof PutOperationContext) { // cast to PutOperationContext } else if (context instanceof QueryOperationContext) { // cast to QueryOperationContext } else { // Must be JMX or CLI } return false; }

  Can now be changed to:

  Code Block
  language java
  @Override public boolean authorizeOperation(String regionName, OperationContext context) { switch (context.getOperationCode()) { case PUT: // cast to PutOperationContext break; case QUERY: // cast to QueryOperationContext break; default: // Must be JMX or CLI } return false; }

  Note that any JMX or CLI contexts are not associated with a specific type of OperationContext and are handled as 'default' cases.

• All client-server operations are associated with a Resource of DATA.

Reference

Following are lists for gfsh commands, (highlighted in green), and JMX operations with their corresponding permissions. Permissions appear as Resource:OperationCode tuples

...