hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matteo Bertozzi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-6096) AccessController v2
Date Tue, 29 May 2012 18:05:24 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13284981#comment-13284981
] 

Matteo Bertozzi commented on HBASE-6096:
----------------------------------------

1) no admin is different... able to do operation on the cluster (region move, unassign, ...
and create/delete/modify all the tables)

2) if you grant for 'A' you don't get RWC 
so admin are not able to read but are able to perform actions (create/delete/modify) on all
tables

3) if you grant 'W' you don't get 'R'

The permission checks are done in this way:
AccessController.permissionGranted()
 * Allow All to READ on .META. and -ROOT-
 * Allow Users with global ADMIN/CREATE to write on .META. (Add/Remove Table...)
 * Allow if user is Table Owner
 * Allow if user has Table Level rights
 * Allow if user has (Table) Family Level rights
 * Allow if user has (Table, Family) Qualifier Level rights
                
> AccessController v2
> -------------------
>
>                 Key: HBASE-6096
>                 URL: https://issues.apache.org/jira/browse/HBASE-6096
>             Project: HBase
>          Issue Type: Umbrella
>          Components: security
>    Affects Versions: 0.96.0, 0.94.1
>            Reporter: Andrew Purtell
>
> Umbrella issue for iteration on the initial AccessController drop.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message