hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matteo Bertozzi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-6096) AccessController v2
Date Tue, 29 May 2012 18:05:24 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13284981#comment-13284981

Matteo Bertozzi commented on HBASE-6096:

1) no admin is different... able to do operation on the cluster (region move, unassign, ...
and create/delete/modify all the tables)

2) if you grant for 'A' you don't get RWC 
so admin are not able to read but are able to perform actions (create/delete/modify) on all

3) if you grant 'W' you don't get 'R'

The permission checks are done in this way:
 * Allow All to READ on .META. and -ROOT-
 * Allow Users with global ADMIN/CREATE to write on .META. (Add/Remove Table...)
 * Allow if user is Table Owner
 * Allow if user has Table Level rights
 * Allow if user has (Table) Family Level rights
 * Allow if user has (Table, Family) Qualifier Level rights
> AccessController v2
> -------------------
>                 Key: HBASE-6096
>                 URL: https://issues.apache.org/jira/browse/HBASE-6096
>             Project: HBase
>          Issue Type: Umbrella
>          Components: security
>    Affects Versions: 0.96.0, 0.94.1
>            Reporter: Andrew Purtell
> Umbrella issue for iteration on the initial AccessController drop.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message