hbase-issues mailing list archives

From "Enis Soztutar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11077) [AccessController] Restore compatible early-out access denial
Date Wed, 30 Apr 2014 22:03:16 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13986147#comment-13986147 ]

Enis Soztutar commented on HBASE-11077:
---------------------------------------

bq. Then we break compatibility from 0.98.1 to 0.98.2, in that default behavior prior to 0.98.2 in the 0.98 release line is quite different

Maybe default to false on 0.98, but true on trunk.

bq. unfortunately cell ACLs would become largely useless, unless the admin researches the feature and flips the attribute to "false", because when we early out at CF checks to retain pre-0.98 behavior the cell ACLs that would otherwise grant exceptional access won't be visited, unless using the cell-first strategy

Surely we do not want to make the model complex, but at the same time allow both of the use cases. If we have table privs + config option + per-operation cell-first strategy it is already three dimensions. Can we reduce that to at least two? Can we get away with per-operation strategy or the config option?

> [AccessController] Restore compatible early-out access denial
> -------------------------------------------------------------
>
>                 Key: HBASE-11077
>                 URL: https://issues.apache.org/jira/browse/HBASE-11077
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>            Priority: Critical
>             Fix For: 0.99.0, 0.98.2
>
>         Attachments: HBASE-11077.patch, HBASE-11077.patch, HBASE-11077.patch, HBASE-11077.patch
>
>
> See parent for the whole story.
> For 0.98, to start, just put back the early out that was removed in 0.98.0 and allow it to be overridden with a table attribute.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
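
An added illustration of the trade-off discussed in this comment, not part of the original message and not HBase's AccessController code: a simplified Python model of how the early-out default and the per-operation cell-first strategy decide whether cell ACLs are ever visited. All names (`visible_cells`, `early_out`, `cell_first`) are hypothetical, and a CF-level grant is assumed to be sufficient in every mode.

```python
# Simplified model of the access decision discussed in this comment.
# All names are hypothetical; this is not HBase's AccessController code.
from dataclasses import dataclass, field


@dataclass
class Cell:
    qualifier: str
    acl: set = field(default_factory=set)  # users granted read on this cell


class AccessDenied(Exception):
    pass


def visible_cells(user, cf_readers, cells, early_out=True, cell_first=False):
    """Return the qualifiers `user` may read from one column family.

    cf_readers: users holding read permission at table/CF level
    early_out:  deny at the CF check without visiting cell ACLs
                (the default under discussion, overridable per table)
    cell_first: per-operation strategy that consults cell ACLs anyway
    """
    if user in cf_readers:
        # Assumption of this model: a CF-level grant suffices in every mode.
        return [c.qualifier for c in cells]
    if early_out and not cell_first:
        # The request fails here, so a cell ACL that would grant
        # exceptional access is never evaluated.
        raise AccessDenied(f"{user} lacks CF-level read")
    # Cell ACLs are visited; only cells that grant the user are returned.
    return [c.qualifier for c in cells if user in c.acl]


# Constructed sample data: bob has no CF grant, one cell grants him read.
CELLS = [Cell("salary"), Cell("phone", {"bob"})]
CF_READERS = {"alice"}


def outcome(user, **modes):
    """Run one check and fold a denial into the string 'DENIED'."""
    try:
        return visible_cells(user, CF_READERS, CELLS, **modes)
    except AccessDenied:
        return "DENIED"


if __name__ == "__main__":
    for early_out in (True, False):
        for cell_first in (False, True):
            print(early_out, cell_first,
                  outcome("bob", early_out=early_out, cell_first=cell_first))
```

In this model, a user with no grants at all receives an empty result rather than a denial once `early_out` is off, which is the kind of behavioral difference an administrator would need to account for when changing the default.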
