hbase-issues mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-6188) Remove the concept of table owner
Date Mon, 11 Jun 2012 22:10:43 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293128#comment-13293128
] 

Andrew Purtell edited comment on HBASE-6188 at 6/11/12 10:10 PM:
-----------------------------------------------------------------

bq. DDL operations can't be done by ADMIN.

I'm not sure there is a situation where it would make sense to disallow an administrator from
making a DDL operation.

You've convinced me of this:

CREATE -(DDL) CreateTable, AddColumn, DeleteColumn, DeleteTable, ModifyColumn, ModifyTable,
DisableTable, EnableTable

ADMIN - All of the above plus Flush, Split, Compact

It's not useful to give add/delete/modify schema privileges without enable/disable to have
them take effect. So either we do the above or we get rid of CREATE. I think the above distinction
is still useful.

Edit: I don't like that non-ADMIN can do enable/disable table, because it can really affect
the cluster if the table is large. However I think on balance it would be more confusing than
useful to remove EnableTable and DisableTable from the set of operations CREATE permission
allows until online schema update-in-place without disable is always possible.

Thanks for having the discussion.
                
      was (Author: apurtell):
    bq. DDL operations can't be done by ADMIN.

I'm not sure there is a situation where it would make sense to disallow an administrator from
making a DDL operation.

You've convinced me of this:

CREATE -(DDL) CreateTable, AddColumn, DeleteColumn, DeleteTable, ModifyColumn, ModifyTable,
DisableTable, EnableTable

ADMIN - All of the above plus Flush, Split, Compact

It's not useful to give add/delete/modify schema privileges without enable/disable to have
them take effect. So either we do the above or we get rid of CREATE. I think the above distinction
is still useful.

Thanks for having the discussion.
                  
> Remove the concept of table owner
> ---------------------------------
>
>                 Key: HBASE-6188
>                 URL: https://issues.apache.org/jira/browse/HBASE-6188
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Andrew Purtell
>            Assignee: Laxman
>              Labels: security
>
> The table owner concept was a design simplification in the initial drop.
> First, the design changes under review mean only a user with GLOBAL CREATE permission can create a table, which will probably be an administrator.
> Then, granting implicit permissions may lead to oversights and it adds unnecessary conditionals to our code. So instead the administrator with GLOBAL CREATE permission should make the appropriate grants at table create time.
