Geode is introducing additional security features which allow finer grained control for JMX operations as well as GFSH commands. This functionality is automatically activated when the Geode properties security-client-authenticator
and security-client-accessor
are set.
Permissions are designed to be noun-verby and are in the form of RESOURCE:OPERATION[:REGION] tuples. The following values are valid:
Resource
- CLUSTER
- DATA
Operation
- MANAGE
- READ
- WRITE
At the end of this document is a reference list of all JMX and GFSH operations with their corresponding permissionsAdditional information can be found here: Integrated Security Developer Guide.
To quickly get started using permissions for JMX and GFSH a sample implementation of com.gemstone.gemfire.security.Authenticator
and com.gemstone.gemfire.security.AccessControl
is provided by the class com.gemstone.gemfire.security.templates.SampleJsonAuthorization
. This implementation requires a JSON file which defines the allowed users and their corresponding permissions. For example:
...