hbase-issues mailing list archives

From "Laxman (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-6096) AccessController v2
Date Wed, 30 May 2012 06:20:24 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13285418#comment-13285418 ]

Laxman commented on HBASE-6096:
-------------------------------

{quote}2) if you grant for 'A' you don't get RWC
so admin are not able to read but are able to perform actions (create/delete/modify) on all
tables{quote}

bq. IMO, it's preferable to conceptualize ADMIN permission as only an extra bit that allows
you to interact with the Master on table management concerns.

I agree. But I still need some details to prepare the ACL matrix.

There are two levels of 'A' (ADMIN) now.
a) GLOBAL ADMIN (Super user - Configured using hbase.superuser)
b) TABLE ADMIN (via grant)

I'm not able to clearly differentiate between them.

In the current implementation, GLOBAL ADMIN is able to read/write to any table. This means
TABLE ADMIN will not be able to perform some operations on a table which GLOBAL ADMIN is able
to do. Now we may need to discuss which part of this needs correction.

IMO, GLOBAL ADMIN (for all tables) semantics should be in line with TABLE ADMIN (for one table).
                
> AccessController v2
> -------------------
>
>                 Key: HBASE-6096
>                 URL: https://issues.apache.org/jira/browse/HBASE-6096
>             Project: HBase
>          Issue Type: Umbrella
>          Components: security
>    Affects Versions: 0.96.0, 0.94.1
>            Reporter: Andrew Purtell
>
> Umbrella issue for iteration on the initial AccessController drop.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
