hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-6188) Remove the concept of table owner
Date Mon, 11 Jun 2012 22:08:43 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293128#comment-13293128

Andrew Purtell commented on HBASE-6188:

bq. DDL operations can't be done by ADMIN.

I'm not sure there is a situation where it would make sense to disallow an administrator from
making a DDL operation.

You've convinced me of this:

CREATE -(DDL) CreateTable, AddColumn, DeleteColumn, DeleteTable, ModifyColumn, ModifyTable,
DisableTable, EnableTable

ADMIN - All of the above plus Flush, Split, Compact

It's not useful to give add/delete/modify schema privileges without enable/disable to have
them take effect. So either we do the above or we get rid of CREATE. I think the above distinction
is still useful.

Thanks for having the discussion.
> Remove the concept of table owner
> ---------------------------------
>                 Key: HBASE-6188
>                 URL: https://issues.apache.org/jira/browse/HBASE-6188
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Andrew Purtell
>            Assignee: Laxman
>              Labels: security
> The table owner concept was a design simplification in the initial drop.
> First, the design changes under review means only a user with GLOBAL CREATE permission
can create a table, which will probably be an administrator.
> Then, granting implicit permissions may lead to oversights and it adds unnecessary conditionals
to our code. So instead the administrator with GLOBAL CREATE permission should make the appropriate
grants at table create time.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message