THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- If the user has a Describe (Cluster) ACL, return all groups (this is the current behavior),
- If the user does not have Describe (Cluster) ACL, filter only those groups s/he has Describe (Group) ACL on.
Compatibility, Deprecation, and Migration Plan
- With the proposed change users who could successfully list groups before (i.e. with Describe (Cluster) ACL), can still do so without any change.
- Users who did not have Describe (Cluster) ACL, but had Read (Group) on some groups were not able to list those groups before. With this proposal, they can now list them. This is reasonable according to the drawback mentioned earlier. They could already describe the groups, so it only makes sense if they can list them too.
...