[HPCC-15507] Rework shared permissions cache - HPCC

XML

Word

Printable

Details

Type: Suggestion
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 6.0.0
Fix Version/s: 6.0.0
Component/s: Security Manager
Labels:
None

Pull Request URL:
https://github.com/hpcc-systems/HPCC-Platform/pull/8627

Description

~~HPCC-15439~~ introduced the concept of a shared permissions cache. The implementation may be more restrictive than necessary.

Given the ability to concurrently use multiple security manager classes (as opposed to multiple instances of a single class), with each manager authenticating against a different user base, it is possible for user name collisions to occur. A single cache shared by all managers may not behave as expected when collisions occur. When it doesn't work, either a cache entry will be discarded as invalid, or incorrect user properties supplied by a different user base will be applied to the user.

Each security manager class that supports shared caching should be responsible for instantiating its own static cache. This will ensure that cached content is consistent within the context of each security manager. Otherwise, the limitations inherent to global sharing need to be well documented.

Attachments

Activity

People

Assignee:: Russ Whitehead

Reporter:: Tim Klemm

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 05/May/16 6:59 PM

Updated:: 16/May/16 9:44 AM

Resolved:: 16/May/16 9:44 AM