hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francis Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-9206) namespace permissions
Date Mon, 19 Aug 2013 17:35:55 GMT

    [ https://issues.apache.org/jira/browse/HBASE-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13744037#comment-13744037
] 

Francis Liu commented on HBASE-9206:
------------------------------------

Yep a few minor clarifications:

{quote}
'C' on the namespace also allows table creation in the namespace.
{quote}
Does not grant create/drop privilege on the namespace, this also needs needs to be documented
clearly.

{quote}
The AccessController should filter out tables for which the user doesn't have privilege when
enumerating descriptors for the list table names APIs. We ignore cell level perms when deciding.
{quote}
Thinking about this again. It might just be better to have a privilege which restricts list
namespace and list tables by namespace as well as list tables. Tho we currently don't have
a use case in either case. But restricting instead of hiding seems to be a more straightforward
approach. Will have to see how other DBs do it.


                
> namespace permissions
> ---------------------
>
>                 Key: HBASE-9206
>                 URL: https://issues.apache.org/jira/browse/HBASE-9206
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Francis Liu
>
> Now that we have namespaces let's address how we can give admins more flexibility.
> Let's list out the privileges we'd like. Then we can map it to existing privileges and
see if we need more. 
> So far we have:
> 1. Modify namespace descriptor (ie quota, other values)
> 2. create namespace
> 3. delete namespace
> 4. list tables in namespace
> 5. create/drop tables in a namespace
> 6. All namespace's tables create
> 7. All namespace's tables write
> 8. All namespace's tables execute
> 9. All namespace's tables delete
> 10. All namespace's tables admin
> 1-3, is currently set to global admin only. Which seems acceptable to me.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message