hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Helmling (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HBASE-3045) Extend HBASE-3025 into a role based access control model using "HBase groups"
Date Tue, 28 Sep 2010 18:46:33 GMT

    [ https://issues.apache.org/jira/browse/HBASE-3045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12915873#action_12915873

Gary Helmling commented on HBASE-3045:

bq. It seems to me we would like to use the same GroupMappingService interface that HDFS uses,
so that by default the groups match up between the systems.

That's definitely the plan for HBASE-3025, where a user's groups (as resolved by GroupMappingService)
can also be used for permission assignments.

This issue proposes adding an additional layer of HBase persisted and manipulated roles, where
a role can contain members who are:
* users
* groups
* other roles

This is more akin to PostgreSQL role management.  You could then set say a "webapp" role that
has certain access rights to a set of tables and add users or groups as needed.   You can
model the same thing with external groups and memberships, but recursive roles give a bit
more flexibility to the policy definitions.

> Extend HBASE-3025 into a role based access control model using "HBase groups"
> -----------------------------------------------------------------------------
>                 Key: HBASE-3045
>                 URL: https://issues.apache.org/jira/browse/HBASE-3045
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Andrew Purtell
>            Assignee: Eugene Koontz

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message