hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-6188) Remove the concept of table owner
Date Fri, 08 Jun 2012 23:13:24 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13292076#comment-13292076
] 

Andrew Purtell edited comment on HBASE-6188 at 6/8/12 11:12 PM:
----------------------------------------------------------------

bq. Should we allow users with "C" to perform DDL?

That makes sense. CREATE permissions allow DDL but only ADMIN permission can do things like
force flush, force split, etc. 

Edit: Another consideration is CREATE could do DDL if online schema update is possible, but
won't have permission if the table must be offlined (which would require ADMIN). The objective
is to maintain the legacy CREATE permission with sufficient and useful distinction from ADMIN.
If the distinction is not useful, we can consider alternatives.
                
      was (Author: apurtell):
    bq. Should we allow users with "C" to perform DDL?

That makes sense. CREATE permissions allow DDL but only ADMIN permission can do things like
force flush, force split, etc. 
                  
> Remove the concept of table owner
> ---------------------------------
>
>                 Key: HBASE-6188
>                 URL: https://issues.apache.org/jira/browse/HBASE-6188
>             Project: HBase
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Andrew Purtell
>            Assignee: Laxman
>              Labels: security
>
> The table owner concept was a design simplification in the initial drop.
> First, the design changes under review means only a user with GLOBAL CREATE permission
can create a table, which will probably be an administrator.
> Then, granting implicit permissions may lead to oversights and it adds unnecessary conditionals
to our code. So instead the administrator with GLOBAL CREATE permission should make the appropriate
grants at table create time.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message