hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francis Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-9206) namespace permissions
Date Mon, 19 Aug 2013 17:35:55 GMT

    [ https://issues.apache.org/jira/browse/HBASE-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13744037#comment-13744037

Francis Liu commented on HBASE-9206:

Yep a few minor clarifications:

'C' on the namespace also allows table creation in the namespace.
Does not grant create/drop privilege on the namespace, this also needs needs to be documented

The AccessController should filter out tables for which the user doesn't have privilege when
enumerating descriptors for the list table names APIs. We ignore cell level perms when deciding.
Thinking about this again. It might just be better to have a privilege which restricts list
namespace and list tables by namespace as well as list tables. Tho we currently don't have
a use case in either case. But restricting instead of hiding seems to be a more straightforward
approach. Will have to see how other DBs do it.

> namespace permissions
> ---------------------
>                 Key: HBASE-9206
>                 URL: https://issues.apache.org/jira/browse/HBASE-9206
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Francis Liu
> Now that we have namespaces let's address how we can give admins more flexibility.
> Let's list out the privileges we'd like. Then we can map it to existing privileges and
see if we need more. 
> So far we have:
> 1. Modify namespace descriptor (ie quota, other values)
> 2. create namespace
> 3. delete namespace
> 4. list tables in namespace
> 5. create/drop tables in a namespace
> 6. All namespace's tables create
> 7. All namespace's tables write
> 8. All namespace's tables execute
> 9. All namespace's tables delete
> 10. All namespace's tables admin
> 1-3, is currently set to global admin only. Which seems acceptable to me.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message