hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-6188) Remove the concept of table owner
Date Mon, 11 Jun 2012 17:48:43 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13292922#comment-13292922
] 

Andrew Purtell commented on HBASE-6188:
---------------------------------------

The trouble here is CREATE loses most of its meaning when there won't be a concept of "table
owner" (initialized to the creator) and it is a large subset of ADMIN permission. A user with
CREATE permissions on a table can do everything except assign or move a region? Why does that
make sense when disable/enable will move all of the regions around, much more disruptive?


What I am after here is a justification for keeping around the legacy permission CREATE.
                
> Remove the concept of table owner
> ---------------------------------
>
>                 Key: HBASE-6188
>                 URL: https://issues.apache.org/jira/browse/HBASE-6188
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Andrew Purtell
>            Assignee: Laxman
>              Labels: security
>
> The table owner concept was a design simplification in the initial drop.
> First, the design changes under review means only a user with GLOBAL CREATE permission
can create a table, which will probably be an administrator.
> Then, granting implicit permissions may lead to oversights and it adds unnecessary conditionals
to our code. So instead the administrator with GLOBAL CREATE permission should make the appropriate
grants at table create time.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message