...
The security-manager
property identifies the class name of the SecurityManager
interface implementation. SecurityManager
is the interface you implement for both authentication and authorization. Make sure your class has a zero-argument constructor so that Geode can instantiate the object. See the SecurityManager
javadoc for details. There is a SampleSecurityManager
an ExampleSecurityManager
in the geode-core/src/main/java/org/apache/geode/examples/security/templates
directory that you can use as an example to write your own implementation.
...
5. Operations and their corresponding ResourcePermission
Below is the list of operations with their corresponding ResourcePermission
:
...
Commands | Required ResourcePermission |
---|---|
alter runtime | CLUSTER:MANAGE |
gc | CLUSTER:MANAGE |
shutdown | CLUSTER:MANAGE |
startManager | CLUSTER:MANAGE |
stop locator --name=locator1 | CLUSTER:MANAGE |
stop server --name=server1 | CLUSTER:MANAGE |
describe client --clientID=172.16.196.144 | CLUSTER:READ |
describe config --member=Member1 | CLUSTER:READ |
describe disk-store --name=foo --member=baz | CLUSTER:READ |
describe member --name=server1 | CLUSTER:READ |
describe offline-disk-store --name=foo --disk-dirs=bar | CLUSTER:READ |
describe region --name=value | CLUSTER:READ |
export cluster-configuration --zip-file-name=mySharedConfig.zip | CLUSTER:READ |
export config --member=member1 | CLUSTER:READ |
export logs --dir=data/logs | CLUSTER:READ |
export stack-traces --file=stack.txt | CLUSTER:READ |
exportLogs | CLUSTER:READ |
exportStackTrace | CLUSTER:READ |
list async-event-queues | CLUSTER:READ |
list clients | CLUSTER:READ |
list deployed | CLUSTER:READ |
list disk-stores | CLUSTER:READ |
list durable-cqs --durable-client-id=client1 | CLUSTER:READ |
list functions | CLUSTER:READ |
list gateways | CLUSTER:READ |
list indexes | CLUSTER:READ |
list members | CLUSTER:READ |
list regions | DATA:READ |
netstat --member=server1 | CLUSTER:READ |
show dead-locks --file=deadlocks.txt | CLUSTER:READ |
show log --member=locator1 --lines=5 | CLUSTER:READ |
show metrics | CLUSTER:READ |
show missing-disk-stores | CLUSTER:READ |
show subscription-queue-size --durable-client-id=client1 | CLUSTER:READ |
show log | CLUSTER:READ |
status cluster-config-service | CLUSTER:READ |
status gateway-receiver | CLUSTER:READ |
status gateway-sender | CLUSTER:READ |
change loglevel --loglevel=severe --member=server1 | CLUSTER:WRITE |
alter disk-store --name=foo --region=xyz --disk-dirs=bar | DATA:MANAGE |
alter region --name=region1 --eviction-max=5000 | DATA:MANAGE:regionName |
clear defined indexes | DATA:MANAGE |
close durable-client --durable-client-id=client1 | DATA:MANAGE |
close durable-cq --durable-client-id=client1 --durable-cq-name=cq1 | DATA:MANAGE |
compact disk-store --name=foo | DATA:MANAGE |
compact offline-disk-store --name=foo --disk-dirs=bar | DATA:MANAGE |
configure pdx --read-serialized=true | DATA:MANAGE |
create async-event-queue --id=myAEQ --listener=myApp.myListener | DATA:MANAGE |
create defined indexes | DATA:MANAGE |
create disk-store --name=foo --dir=bar | DATA:MANAGE |
create gateway-receiver | DATA:MANAGE |
create gateway-sender --id=sender1 --remote-distributed-system-id=2 | DATA:MANAGE |
create index --name=myKeyIndex --expression=region1.Id --region=region1 --type=key | DATA:MANAGE:regionName |
create region --name=region12 | DATA:MANAGE |
define index --name=myIndex1 --expression=exp1 --region=/exampleRegion | DATA:MANAGE:regionName |
deploy --jar=group1_functions.jar --group=Group1 | DATA:MANAGE |
destroy disk-store --name=foo | DATA:MANAGE |
destroy function --id=InterestCalculations | DATA:MANAGE |
destroy index --member=server2 | DATA:MANAGE:regionName if regionName is specified, otherwise DATA:MANAGE |
destroy region --name=value | DATA:MANAGE |
import cluster-configuration --zip-file-name=value | DATA:MANAGE |
load-balance gateway-sender --id=sender1 | DATA:MANAGE |
pause gateway-sender --id=sender1 | DATA:MANAGE |
pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1 | DATA:MANAGE |
rebalance --include-region=region1 | DATA:MANAGE |
resume gateway-sender --id=sender1 | DATA:MANAGE |
revoke missing-disk-store --id=foo | DATA:MANAGE |
start gateway-receiver | DATA:MANAGE |
start gateway-sender --id=sender1 | DATA:MANAGE |
stop gateway-receiver | DATA:MANAGE |
stop gateway-sender --id=sender1 | DATA:MANAGE |
undeploy --group=Group1 | DATA:MANAGE |
backup disk-store --dir=foo | DATA:READ |
export data --region=region1 --file=foo.txt --member=value | DATA:READ:regionName |
get --key=key1 --region=region1 | DATA:READ:regionName:key |
locateEntry | DATA:READ:regionName:key |
query --query='SELECT * FROM /region1' | DATA:READ:regionName |
execute function --id=InterestCalculations --group=Group1 | DATA:WRITE |
import data --region=region1 --file=foo.txt --member=value | DATA:WRITE:regionName |
put --key=key1 --value=value1 --region=region1 | DATA:WRITE:regionName:key |
remove --region=region1 | DATA:WRITE:regionName; if a key is specified, DATA:WRITE:regionName:key |
alter jdbc-connection | CLUSTER:MANAGE |
alter jdbc-mapping | CLUSTER:MANAGE |
create jdbc-connection | CLUSTER:MANAGE |
create jdbc-mapping | CLUSTER:MANAGE |
describe jdbc-connection | CLUSTER:MANAGE |
describe jdbc-mapping | CLUSTER:MANAGE |
destroy jdbc-connection | CLUSTER:MANAGE |
destroy jdbc-mapping | CLUSTER:MANAGE |
list jdbc-connections | CLUSTER:MANAGE |
list jdbc-mappings | CLUSTER:MANAGE |
create jndi-binding | CLUSTER:MANAGE |
describe jndi-binding | CLUSTER:READ |
destroy jndi-binding | CLUSTER:MANAGE |
list jndi-binding | CLUSTER:READ |
Pulse
Pulse access is divided into two main categories: access to the Data Browser page and everything else.
...